CVE-2007-0177

EPSS 3.3%

Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Produtos afetados

n/a · n/a

PoCs públicas encontradas — 1

exploitdbwww.exploit-db.com/exploits/29404não verificado

⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://osvdb.org/31525 http://secunia.com/advisories/23647 http://secunia.com/advisories/24889 https://exchange.xforce.ibmcloud.com/vulnerabilities/31359 http://sourceforge.net/forum/forum.php?forum_id=652721 http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_9/phase3/RELEASE-NOTES http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_7_2/phase3/RELEASE-NOTES http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_8_3/phase3/RELEASE-NOTES http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0RC2/phase3/RELEASE-NOTES http://www.novell.com/linux/security/advisories/2007_6_sr.html http://www.securityfocus.com/bid/21956 http://www.vupen.com/english/advisories/2007/0096