CVE-2005-3165
MediaWiki < 1.4.9 - Cross-Site Scripting via Math Tags or Extension Sections
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) <math> tags or (2) Extension or <nowiki> sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet Explorer clients.
References (3)
Core 3
Core References
Patch x_refsource_confirm
http://sourceforge.net/project/shownotes.php?release_id=352777
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16932
Vendor Advisory vendor-advisory
x_refsource_suse
http://lwn.net/Articles/153906/
Scores
EPSS
0.0027
EPSS Percentile
50.2%
Details
Status
published
Products (13)
mediawiki/mediawiki
1.4.1
mediawiki/mediawiki
1.4.2
mediawiki/mediawiki
1.4.3
mediawiki/mediawiki
1.4.5
mediawiki/mediawiki
1.4.6
mediawiki/mediawiki
1.4.7
mediawiki/mediawiki
1.4.8
mediawiki/mediawiki
1.4_beta1
mediawiki/mediawiki
1.4_beta2
mediawiki/mediawiki
1.4_beta3
... and 3 more
Published
Oct 06, 2005
Tracked Since
Feb 18, 2026