Search criteria
2 vulnerabilities found for mediawik by mediawiki
CVE-2009-4589 (GCVE-0-2009-4589)
Vulnerability from nvd – Published: 2010-01-07 18:13 – Updated: 2024-08-07 07:08
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the Special:Block implementation in the getContribsLink function in SpecialBlockip.php in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject arbitrary web script or HTML via the ip parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/35662 | vdb-entryx_refsource_BID |
| http://osvdb.org/55824 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/35818 | third-party-advisoryx_refsource_SECUNIA |
| https://bugzilla.wikimedia.org/show_bug.cgi?id=19693 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2009/1882 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://lists.wikimedia.org/pipermail/mediawiki-an… | mailing-listx_refsource_MLIST |
Date Public
2009-07-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:08:38.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35662",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35662"
},
{
"name": "55824",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/55824"
},
{
"name": "35818",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35818"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=19693"
},
{
"name": "ADV-2009-1882",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1882"
},
{
"name": "mediawiki-specialblocks-xss(51687)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51687"
},
{
"name": "[mediawiki-announce] 20090713 MediaWiki security update: 1.15.1 and 1.14.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-July/000087.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Special:Block implementation in the getContribsLink function in SpecialBlockip.php in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject arbitrary web script or HTML via the ip parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35662",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35662"
},
{
"name": "55824",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/55824"
},
{
"name": "35818",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35818"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=19693"
},
{
"name": "ADV-2009-1882",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1882"
},
{
"name": "mediawiki-specialblocks-xss(51687)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51687"
},
{
"name": "[mediawiki-announce] 20090713 MediaWiki security update: 1.15.1 and 1.14.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-July/000087.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Special:Block implementation in the getContribsLink function in SpecialBlockip.php in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject arbitrary web script or HTML via the ip parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35662",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35662"
},
{
"name": "55824",
"refsource": "OSVDB",
"url": "http://osvdb.org/55824"
},
{
"name": "35818",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35818"
},
{
"name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=19693",
"refsource": "CONFIRM",
"url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=19693"
},
{
"name": "ADV-2009-1882",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1882"
},
{
"name": "mediawiki-specialblocks-xss(51687)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51687"
},
{
"name": "[mediawiki-announce] 20090713 MediaWiki security update: 1.15.1 and 1.14.1",
"refsource": "MLIST",
"url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-July/000087.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4589",
"datePublished": "2010-01-07T18:13:00.000Z",
"dateReserved": "2010-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:08:38.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4589 (GCVE-0-2009-4589)
Vulnerability from cvelistv5 – Published: 2010-01-07 18:13 – Updated: 2024-08-07 07:08
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the Special:Block implementation in the getContribsLink function in SpecialBlockip.php in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject arbitrary web script or HTML via the ip parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/35662 | vdb-entryx_refsource_BID |
| http://osvdb.org/55824 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/35818 | third-party-advisoryx_refsource_SECUNIA |
| https://bugzilla.wikimedia.org/show_bug.cgi?id=19693 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2009/1882 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://lists.wikimedia.org/pipermail/mediawiki-an… | mailing-listx_refsource_MLIST |
Date Public
2009-07-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:08:38.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35662",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35662"
},
{
"name": "55824",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/55824"
},
{
"name": "35818",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35818"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=19693"
},
{
"name": "ADV-2009-1882",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1882"
},
{
"name": "mediawiki-specialblocks-xss(51687)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51687"
},
{
"name": "[mediawiki-announce] 20090713 MediaWiki security update: 1.15.1 and 1.14.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-July/000087.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Special:Block implementation in the getContribsLink function in SpecialBlockip.php in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject arbitrary web script or HTML via the ip parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35662",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35662"
},
{
"name": "55824",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/55824"
},
{
"name": "35818",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35818"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=19693"
},
{
"name": "ADV-2009-1882",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1882"
},
{
"name": "mediawiki-specialblocks-xss(51687)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51687"
},
{
"name": "[mediawiki-announce] 20090713 MediaWiki security update: 1.15.1 and 1.14.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-July/000087.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Special:Block implementation in the getContribsLink function in SpecialBlockip.php in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject arbitrary web script or HTML via the ip parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35662",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35662"
},
{
"name": "55824",
"refsource": "OSVDB",
"url": "http://osvdb.org/55824"
},
{
"name": "35818",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35818"
},
{
"name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=19693",
"refsource": "CONFIRM",
"url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=19693"
},
{
"name": "ADV-2009-1882",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1882"
},
{
"name": "mediawiki-specialblocks-xss(51687)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51687"
},
{
"name": "[mediawiki-announce] 20090713 MediaWiki security update: 1.15.1 and 1.14.1",
"refsource": "MLIST",
"url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-July/000087.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4589",
"datePublished": "2010-01-07T18:13:00.000Z",
"dateReserved": "2010-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:08:38.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}