ID CVE-2007-0177
Summary Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Vulnerable Configurations
  • MediaWiki 1.6.0
    cpe:2.3:a:mediawiki:mediawiki:1.6.0
  • MediaWiki 1.6.1
    cpe:2.3:a:mediawiki:mediawiki:1.6.1
  • MediaWiki 1.6.2
    cpe:2.3:a:mediawiki:mediawiki:1.6.2
  • MediaWiki 1.6.3
    cpe:2.3:a:mediawiki:mediawiki:1.6.3
  • MediaWiki 1.6.4
    cpe:2.3:a:mediawiki:mediawiki:1.6.4
  • MediaWiki 1.6.5
    cpe:2.3:a:mediawiki:mediawiki:1.6.5
  • cpe:2.3:a:mediawiki:mediawiki:1.6.5_r14348
    cpe:2.3:a:mediawiki:mediawiki:1.6.5_r14348
  • MediaWiki 1.6.6
    cpe:2.3:a:mediawiki:mediawiki:1.6.6
  • MediaWiki 1.7.0
    cpe:2.3:a:mediawiki:mediawiki:1.7.0
  • MediaWiki 1.7.1
    cpe:2.3:a:mediawiki:mediawiki:1.7.1
  • MediaWiki 1.8.0
    cpe:2.3:a:mediawiki:mediawiki:1.8.0
  • MediaWiki 1.8.1
    cpe:2.3:a:mediawiki:mediawiki:1.8.1
  • MediaWiki 1.8.2
    cpe:2.3:a:mediawiki:mediawiki:1.8.2
  • MediaWiki 1.9.0 Release Candidate 2
    cpe:2.3:a:mediawiki:mediawiki:1.9.0:rc2
CVSS
Base: 5.1 (as of 11-01-2007 - 11:53)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
description MediaWiki 1.x AJAX Index.PHP Cross-Site Scripting Vulnerability. CVE-2007-0177. Webapps exploit for php platform
id EDB-ID:29404
last seen 2016-02-03
modified 2007-01-09
published 2007-01-09
reporter Moshe Ben-Abu
source https://www.exploit-db.com/download/29404/
title MediaWiki 1.x AJAX Index.PHP Cross-Site Scripting Vulnerability
nessus via4
NASL family SuSE Local Security Checks
NASL id SUSE_MEDIAWIKI-3065.NASL
description This update fixes a cross site scripting (XSS) bug in the AJAX features (CVE-2007-0177).
last seen 2019-02-21
modified 2018-07-19
plugin id 27347
published 2007-10-17
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=27347
title openSUSE 10 Security Update : mediawiki (mediawiki-3065)
refmap via4
bid 21956
confirm
osvdb 31525
secunia
  • 23647
  • 24889
suse SUSE-SR:2007:006
vupen ADV-2007-0096
xf mediawiki-ajax-unspecified-xss(31359)
Last major update 07-03-2011 - 21:48
Published 10-01-2007 - 19:28
Last modified 28-07-2017 - 21:30
Back to Top