CVE-2010-2788

MediaWiki <1.15.5 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in profileinfo.php in MediaWiki before 1.15.5, when wgEnableProfileInfo is enabled, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.

References (11)

[Patch] http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html

[Patch, Vendor Advisory] http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html

[Patch] http://openwall.com/lists/oss-security/2010/07/29/4

[Patch] http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69952

[Patch] http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69984

[Patch] https://bugzilla.redhat.com/show_bug.cgi?id=620225

[Patch] https://bugzilla.redhat.com/show_bug.cgi?id=620226

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/42024

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html

Scores

EPSS 0.0068

EPSS Percentile 71.3%

Classification

CWE

CWE-79

Status published

Affected Products (50)

mediawiki/mediawiki < 1.15.4

mediawiki/mediawiki

... and 35 more

Timeline

Published Apr 27, 2011

Tracked Since Feb 18, 2026