CVE-2005-3167
MediaWiki - Cross-Site Scripting via HTML Inline Style Attributes
Title source: llmDescription
Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15024
Patch x_refsource_confirm
http://sourceforge.net/project/shownotes.php?release_id=361505
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17074
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2005_27_sr.html
Scores
EPSS
0.0046
EPSS Percentile
64.4%
Details
Status
published
Products (15)
mediawiki/mediawiki
1.4.1
mediawiki/mediawiki
1.4.2
mediawiki/mediawiki
1.4.3
mediawiki/mediawiki
1.4.5
mediawiki/mediawiki
1.4.6
mediawiki/mediawiki
1.4.7
mediawiki/mediawiki
1.4.8
mediawiki/mediawiki
1.4.9
mediawiki/mediawiki
1.4.10
mediawiki/mediawiki
1.4_beta1
... and 5 more
Published
Oct 06, 2005
Tracked Since
Feb 18, 2026