CVE-2008-4408
MediaWiki < 1.13.2 - Cross-Site Scripting via useskin Parameter
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions before 1.13.2 allows remote attackers to inject arbitrary web script or HTML via the useskin parameter to an unspecified component.
References (11)
Core 11
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45632
Various Sources x_refsource_confirm
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_2/phase3/RELEASE-NOTES
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00220.html
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00179.html
Various Sources mailing-list
x_refsource_mlist
http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-October/000078.html
Various Sources x_refsource_confirm
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_1/phase3/RELEASE-NOTES
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2008/10/02/3
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/31540
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32128
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2737
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32131
Scores
EPSS
0.0069
EPSS Percentile
72.0%
Details
CWE
CWE-79
Status
published
Products (2)
mediawiki/mediawiki
1.12.0
mediawiki/mediawiki
1.13.1
Published
Oct 03, 2008
Tracked Since
Feb 18, 2026