CVE-2010-2788

medium

Description

Cross-site scripting (XSS) vulnerability in profileinfo.php in MediaWiki before 1.15.5, when wgEnableProfileInfo is enabled, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.

References

https://bugzilla.redhat.com/show_bug.cgi?id=620226

https://bugzilla.redhat.com/show_bug.cgi?id=620225

http://www.securityfocus.com/bid/42024

http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69984

http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69952

http://openwall.com/lists/oss-security/2010/07/29/4

http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html

Details

Source: Mitre, NVD

Published: 2011-04-27

Updated: 2011-09-07

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

Detections

Analytics