CVE-2010-2788
MediaWiki < 1.15.5 - Cross-Site Scripting via Profile Filter Parameter
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in profileinfo.php in MediaWiki before 1.15.5, when wgEnableProfileInfo is enabled, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.
References (11)
Core 11
Core References
Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=620225
Patch vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html
Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=620226
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html
Patch mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2010/07/29/4
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/42024
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html
Patch, Vendor Advisory mailing-list
x_refsource_mlist
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
Patch x_refsource_confirm
http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69952
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html
Patch x_refsource_confirm
http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69984
Scores
EPSS
0.0068
EPSS Percentile
71.8%
Details
CWE
CWE-79
Status
published
Products (42)
mediawiki/mediawiki
1.1.0
mediawiki/mediawiki
1.2.0
mediawiki/mediawiki
1.2.1
mediawiki/mediawiki
1.2.2
mediawiki/mediawiki
1.2.3
mediawiki/mediawiki
1.2.4
mediawiki/mediawiki
1.2.5
mediawiki/mediawiki
1.2.6
mediawiki/mediawiki
1.3
mediawiki/mediawiki
1.3.0
... and 32 more
Published
Apr 27, 2011
Tracked Since
Feb 18, 2026