Detections
Analytics

CVE-2010-1189

medium

Description

MediaWiki before 1.15.2 does not prevent wiki editors from linking to images from other web sites in wiki pages, which allows editors to obtain IP addresses and other information of wiki users by adding a link to an image on an attacker-controlled web site, aka "CSS validation issue."

References

http://www.vupen.com/english/advisories/2010/1001

http://www.vupen.com/english/advisories/2010/0685

http://www.debian.org/security/2010/dsa-2022

http://secunia.com/advisories/39656

http://secunia.com/advisories/39022

http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html

http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html

Details

Source: Mitre, NVD

Published: 2010-03-31

Updated: 2010-05-20

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Medium