CVE-2009-0737
MediaWiki 1.6-1.6.12, 1.12-1.12.4, 1.13-1.13.4 - Cross-Site Scripting in Web-Based Installer
Multiple cross-site scripting (XSS) vulnerabilities in the web-based installer (config/index.php) in MediaWiki 1.6 before 1.6.12, 1.12 before 1.12.4, and 1.13 before 1.13.4, when the installer is in active use, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References (8)
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_12/phase3/RELEASE-NOTES (Vendor Advisory; x_refsource_confirm)
http://www.debian.org/security/2009/dsa-1901 (Third Party Advisory; vendor-advisory; x_refsource_debian)
http://secunia.com/advisories/33881 (Vendor Advisory; third-party-advisory; x_refsource_secunia)
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_4/phase3/RELEASE-NOTES (Vendor Advisory; x_refsource_confirm)
http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-February/000083.html (Patch; mailing-list; x_refsource_mlist)
http://www.securityfocus.com/bid/33681 (Patch; vdb-entry; x_refsource_bid)
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_4/phase3/RELEASE-NOTES (Vendor Advisory; x_refsource_confirm)
http://www.vupen.com/english/advisories/2009/0368 (Patch, Vendor Advisory; vdb-entry; x_refsource_vupen)
Scores
EPSS: 0.0053
EPSS Percentile: 67.2%
Details
CWE: CWE-79
Status: published
Products (20)
mediawiki/mediawiki 1.6.0
mediawiki/mediawiki 1.6.1
mediawiki/mediawiki 1.6.2
mediawiki/mediawiki 1.6.3
mediawiki/mediawiki 1.6.4
mediawiki/mediawiki 1.6.5
mediawiki/mediawiki 1.6.6
mediawiki/mediawiki 1.6.7
mediawiki/mediawiki 1.6.8
mediawiki/mediawiki 1.6.9
... and 10 more
Published: Feb 25, 2009
Tracked Since: Feb 18, 2026