CVE-2007-0177
MediaWiki < 1.6.9, 1.7 < 1.7.2, 1.8 < 1.8.3, 1.9 < 1.9.0rc2 - Cross-Site Scripting via AJAX Module
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2007-0177. PoCs published by Moshe Ben-Abu.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in MediaWiki by leveraging improper input sanitization in the 'action=ajax' parameter. It includes payloads for both pre-fix and post-fix versions, with UTF-7 encoding bypassing the initial patch.
Description
Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in MediaWiki by leveraging improper input sanitization in the 'action=ajax' parameter. It includes payloads for both pre-fix and post-fix versions, with UTF-7 encoding bypassing the initial patch.