CVE-2007-0177 Information
Description
Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9 1.7 before 1.7.2 1.8 before 1.8.3 and 1.9 before 1.9.0rc2 when wgUseAjax is enabled allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Reference
http://osvdb.org/31525 http://secunia.com/advisories/23647 http://secunia.com/advisories/24889 http://sourceforge.net/forum/forum.php?forum_id=652721 http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_9/phase3/RELEASE-NOTES http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_7_2/phase3/RELEASE-NOTES http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_8_3/phase3/RELEASE-NOTES http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0RC2/phase3/RELEASE-NOTES http://www.novell.com/linux/security/advisories/2007_6_sr.html http://www.securityfocus.com/bid/21956 http://www.vupen.com/english/advisories/2007/0096 https://exchange.xforce.ibmcloud.com/vulnerabilities/31359
Share on: