CVE-2005-3167
Published Oct 6, 2005
Last updated 16 years ago
Overview
- Description
- Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "174665BA-F231-45F6-922C-933B8A613009"
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8B175F5A-7CB6-44E6-9E98-FB40F6D14FDA"
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A45833DC-F104-42BB-8688-4DE66AFF72F6"
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "99A75AFB-2706-42FF-8534-B910997987AB"
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4F335EB4-1A74-4FAE-ADAF-AC9FB37A80DF"
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "116C8AA3-481D-409A-ABA8-C8DA1EE8FF86"
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C9DCE478-7D30-4BBC-8878-C3745D6ADAD6"
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8EBFFA2C-6768-4CB9-B0B0-BDB79CA1DEDC"
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA0C4A1E-B084-4C78-BEE4-4E733159F367"
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "80E70F32-2F26-4836-8A4F-0A0B06EAD371"
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EE506B8C-245E-4A7E-A24C-FABB1D4531EF"
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "934382C1-088A-4AEE-A71A-E9802AC9C1A4"
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D1A9028E-1BDE-4BA0-A479-7A30020331D0"
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5D02E4C1-2BA7-4BC0-9C11-D0F74181DF82"
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "728E2852-5658-4DCC-AF1E-718B292F06C1"
}
],
"operator": "OR"
}
]
}
]