CVE-2005-3167

medium

Description

Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

References

http://www.securityfocus.com/bid/15024

http://www.novell.com/linux/security/advisories/2005_27_sr.html

http://sourceforge.net/project/shownotes.php?release_id=361505

http://secunia.com/advisories/17074

Details

Source: Mitre, NVD

Published: 2005-10-06

Updated: 2008-09-05

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium