Vulnerabilities > CVE-2007-1054 - Cross-Site Scripting vulnerability in Mediawiki
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer. Successful exploitation requires that "$wgUseAjax" is enabled
Vulnerable Configurations
Nessus
| NASL family | Fedora Local Security Checks |
| NASL id | FEDORA_2007-1442.NASL |
| description | This update fixes the following vulnerability : |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 27715 |
| published | 2007-11-06 |
| reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/27715 |
| title | Fedora 7 : mediawiki-1.9.3-34.0.2.fc7 (2007-1442) |
References
- http://attrition.org/pipermail/vim/2007-February/001367.html
- http://osvdb.org/32078
- http://secunia.com/advisories/24211
- http://securityreason.com/securityalert/2274
- http://sourceforge.net/project/shownotes.php?release_id=487921&group_id=34373
- http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_3/phase3/RELEASE-NOTES
- http://www.bugsec.com/articles.php?Security=24
- http://www.securityfocus.com/archive/1/460596/100/0/threaded
- http://www.vupen.com/english/advisories/2007/0678
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32586