CVE-2012-1582

Published Sep 9, 2012

Last updated 7 years ago

Overview

Description: Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted page with "forged strip item markers," as demonstrated using the CharInsert extension.
Source: secalert@redhat.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9AC7B4F-6AE2-4FCC-80DA-0D068E479853"
          },
          {
            "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17:beta_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57F3C3BF-CA6A-4BCC-83CE-32560F0A437D"
          },
          {
            "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6D1B676-AE23-4FC5-8466-EB44B8F756CC"
          },
          {
            "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C3B8FFB-25AD-4165-8C87-DBF5977572FA"
          },
          {
            "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52E0CED2-EF96-4052-A4BC-4657163B4FE5"
          },
          {
            "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E8D954D-484E-4DAA-8E0E-6CEAC17BBA22"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6EBD4E4C-DE1D-4007-BABF-A82ECBC2C8B1"
          },
          {
            "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:beta_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA045993-D0DE-4878-A9CF-5C671F3E5196"
          },
          {
            "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15426470-3C5F-41AC-B64B-BA021D9F5EA5"
          },
          {
            "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "061DD021-3FAA-43D0-9ED2-6E60BF7E6CAF"
          },
          {
            "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8B305B8-97DE-45C7-B7A7-B1D1AB32D511"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References