Description
MediaWiki before 1.15.2 does not prevent wiki editors from linking to images from other web sites in wiki pages, which allows editors to obtain IP addresses and other information of wiki users by adding a link to an image on an attacker-controlled web site, aka "CSS validation issue."
References (7)
Core 7
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39656
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2010/dsa-2022
Patch, Vendor Advisory mailing-list
x_refsource_mlist
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0685
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39022
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1001
Scores
EPSS
0.0038
EPSS Percentile
59.7%
Details
CWE
CWE-20
Status
published
Products (42)
mediawiki/mediawiki
1.1.0
mediawiki/mediawiki
1.2.0
mediawiki/mediawiki
1.2.1
mediawiki/mediawiki
1.2.2
mediawiki/mediawiki
1.2.3
mediawiki/mediawiki
1.2.4
mediawiki/mediawiki
1.2.5
mediawiki/mediawiki
1.2.6
mediawiki/mediawiki
1.3
mediawiki/mediawiki
1.3.0
... and 32 more
Published
Mar 31, 2010
Tracked Since
Feb 18, 2026