CVE-2008-5249

MediaWiki <1.13.3 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through 1.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (7)

[Patch, Vendor Advisory] http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html

[Vendor Advisory] http://secunia.com/advisories/33133

[Vendor Advisory] https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html

[Vendor Advisory] https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/32844

[Third Party Advisory] http://www.debian.org/security/2009/dsa-1901

[Third Party Advisory] http://secunia.com/advisories/33349

Scores

EPSS 0.0044

EPSS Percentile 62.9%

Classification

CWE

CWE-79

Status published

Affected Products (4)

mediawiki/mediawiki

n/a/n/a

Timeline

Published Dec 19, 2008

Tracked Since Feb 18, 2026