CVE-2009-4589

MediaWiki <1.14.0,1.15.0 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the Special:Block implementation in the getContribsLink function in SpecialBlockip.php in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject arbitrary web script or HTML via the ip parameter.

References (7)

[Various Sources] http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-July/000087.html

[Exploit] http://osvdb.org/55824

[Vendor Advisory] http://secunia.com/advisories/35818

[Patch] http://www.securityfocus.com/bid/35662

[Patch, Vendor Advisory] http://www.vupen.com/english/advisories/2009/1882

[Issue Tracking] https://bugzilla.wikimedia.org/show_bug.cgi?id=19693

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/51687

Scores

EPSS 0.0039

EPSS Percentile 59.5%

Classification

CWE

CWE-79

Status published

Affected Products (3)

mediawiki/mediawik

mediawiki/mediawiki

n/a/n/a

Timeline

Published Jan 07, 2010

Tracked Since Feb 18, 2026