Detections
Analytics

CVE-2008-5250

medium

Description

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page.

References

https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html

https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html

http://www.securityfocus.com/bid/32844

http://www.debian.org/security/2009/dsa-1901

http://secunia.com/advisories/33349

http://secunia.com/advisories/33133

http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

Details

Source: Mitre, NVD

Published: 2008-12-19

Updated: 2009-10-14

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium