Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message.
| Version | Base score | Base severity | Vector |
|---|
| Hyperlink | Resource Type |
|---|
Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message.
| Type | CWE ID | Description |
|---|---|---|
| text | N/A | n/a |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://www.debian.org/security/2014/dsa-3110 | vendor-advisory x_refsource_DEBIAN |
| http://www.openwall.com/lists/oss-security/2015/01/03/13 | mailing-list x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2014/12/21/2 | mailing-list x_refsource_MLIST |
| http://www.mandriva.com/security/advisories?name=MDVSA-2015:006 | vendor-advisory x_refsource_MANDRIVA |
| https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html | mailing-list x_refsource_MLIST |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://www.debian.org/security/2014/dsa-3110 | vendor-advisory x_refsource_DEBIAN x_transferred |
| http://www.openwall.com/lists/oss-security/2015/01/03/13 | mailing-list x_refsource_MLIST x_transferred |
| http://www.openwall.com/lists/oss-security/2014/12/21/2 | mailing-list x_refsource_MLIST x_transferred |
| http://www.mandriva.com/security/advisories?name=MDVSA-2015:006 | vendor-advisory x_refsource_MANDRIVA x_transferred |
| https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html | mailing-list x_refsource_MLIST x_transferred |
Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| Hyperlink | Source | Resource |
|---|---|---|
| http://www.debian.org/security/2014/dsa-3110 | security@debian.org | N/A |
| http://www.mandriva.com/security/advisories?name=MDVSA-2015:006 | security@debian.org | N/A |
| http://www.openwall.com/lists/oss-security/2014/12/21/2 | security@debian.org | N/A |
| http://www.openwall.com/lists/oss-security/2015/01/03/13 | security@debian.org | N/A |
| https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html | security@debian.org | Vendor Advisory |
| http://www.debian.org/security/2014/dsa-3110 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://www.mandriva.com/security/advisories?name=MDVSA-2015:006 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://www.openwall.com/lists/oss-security/2014/12/21/2 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://www.openwall.com/lists/oss-security/2015/01/03/13 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html | af854a3a-2127-422b-91ae-364da2661108 | Vendor Advisory |