CVE-2007-0177

MediaWiki < 1.6.9, 1.7 < 1.7.2, 1.8 < 1.8.3, 1.9 < 1.9.0rc2 - Cross-Site Scripting via AJAX Module

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0177. PoCs published by Moshe Ben-Abu.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in MediaWiki by leveraging improper input sanitization in the 'action=ajax' parameter. It includes payloads for both pre-fix and post-fix versions, with UTF-7 encoding bypassing the initial patch.

Description

Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Moshe Ben-Abu · textwebappsphp
https://www.exploit-db.com/exploits/29404

This exploit demonstrates a cross-site scripting (XSS) vulnerability in MediaWiki by leveraging improper input sanitization in the 'action=ajax' parameter. It includes payloads for both pre-fix and post-fix versions, with UTF-7 encoding bypassing the initial patch.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: MediaWiki v1.8.2 and below, v1.8.3 - v1.9.2
No auth needed
Prerequisites: Access to a vulnerable MediaWiki instance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (12)

Core 12
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0096
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24889
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/31359
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_6_sr.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/31525
Patch, Vendor Advisory x_refsource_confirm
http://sourceforge.net/forum/forum.php?forum_id=652721
Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21956
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23647

Scores

EPSS 0.0333
EPSS Percentile 87.1%

Details

Status published
Products (14)
mediawiki/mediawiki 1.6.0
mediawiki/mediawiki 1.6.1
mediawiki/mediawiki 1.6.2
mediawiki/mediawiki 1.6.3
mediawiki/mediawiki 1.6.4
mediawiki/mediawiki 1.6.5
mediawiki/mediawiki 1.6.5_r14348
mediawiki/mediawiki 1.6.6
mediawiki/mediawiki 1.7.0
mediawiki/mediawiki 1.7.1
... and 4 more
Published Jan 11, 2007
Tracked Since Feb 18, 2026