Vulnerability-Lookup

CVE-2015-6729 (GCVE-0-2015-6729)

Vulnerability from cvelistv5 – Published: 2015-09-01 14:00 – Updated: 2024-08-06 07:29

Summary

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://security.gentoo.org/glsa/201510-05	vendor-advisoryx_refsource_GENTOO
	http://www.openwall.com/lists/oss-security/2015/08/27/6	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/08/12/6	mailing-listx_refsource_MLIST
	https://lists.wikimedia.org/pipermail/mediawiki-a…	mailing-listx_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://www.securityfocus.com/bid/76334	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:29:24.496Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201510-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201510-05"
          },
          {
            "name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
          },
          {
            "name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
          },
          {
            "name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
          },
          {
            "name": "FEDORA-2015-13920",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
          },
          {
            "name": "76334",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/76334"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-08-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T21:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201510-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201510-05"
        },
        {
          "name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
        },
        {
          "name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
        },
        {
          "name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
        },
        {
          "name": "FEDORA-2015-13920",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
        },
        {
          "name": "76334",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/76334"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-6729",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201510-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201510-05"
            },
            {
              "name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
            },
            {
              "name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
            },
            {
              "name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
            },
            {
              "name": "FEDORA-2015-13920",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
            },
            {
              "name": "76334",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/76334"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-6729",
    "datePublished": "2015-09-01T14:00:00",
    "dateReserved": "2015-08-27T00:00:00",
    "dateUpdated": "2024-08-06T07:29:24.496Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-6729\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-09-01T14:59:07.277\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de XSS en thumb.php en MediaWiki en versiones anteriores 1.23.10, 1.24.x en versiones anteriores 1.24.3 y 1.25.x en versiones anteriores a 1.25.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro rel404, el cual no es manejado correctamente en una p\u00e1gina de error.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.23.9\",\"matchCriteriaId\":\"05064578-51CC-482B-A135-42522AA50F0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B21EB21-AE87-48BF-B4A1-5E63A2E116B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6C00423-B3FE-485A-9014-22F409DBD377\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E90C95FB-71CA-4CA1-935D-58A08244A81F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9129F374-93CB-43CE-A3B2-DB6483514F32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE125142-10A2-4ACF-9BA4-44E63C1E5DB6\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/08/12/6\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/08/27/6\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/76334\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201510-05\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/08/12/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/08/27/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/76334\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201510-05\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2015-6729

Vulnerability from fkie_nvd - Published: 2015-09-01 14:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/08/12/6
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/08/27/6
cve@mitre.org	http://www.securityfocus.com/bid/76334
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html	Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/201510-05
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/08/12/6
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/08/27/6
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/76334
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201510-05

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.24.0
mediawiki	mediawiki	1.24.1
mediawiki	mediawiki	1.24.2
mediawiki	mediawiki	1.25.0
mediawiki	mediawiki	1.25.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05064578-51CC-482B-A135-42522AA50F0A",
              "versionEndIncluding": "1.23.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90C95FB-71CA-4CA1-935D-58A08244A81F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9129F374-93CB-43CE-A3B2-DB6483514F32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE125142-10A2-4ACF-9BA4-44E63C1E5DB6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en thumb.php en MediaWiki en versiones anteriores 1.23.10, 1.24.x en versiones anteriores 1.24.3 y 1.25.x en versiones anteriores a 1.25.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro rel404, el cual no es manejado correctamente en una p\u00e1gina de error."
    }
  ],
  "id": "CVE-2015-6729",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-09-01T14:59:07.277",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/76334"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201510-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/76334"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201510-05"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2015-05878

Vulnerability from cnvd - Published: 2015-09-09

Title

MediaWiki跨站脚本漏洞（CNVD-2015-05878）

Description

MediaWiki是美国维基媒体（Wikimedia）基金会和MediaWiki志愿者共同开发维护的一套自由免费的基于网络的Wiki引擎，它可用于部署内部的知识管理和内容管理系统。 MediaWiki存在跨站脚本漏洞，允许远程攻击者通过rel404参数不正确处理错误页中注入任意web脚本或HTML。

Severity

中

Patch Name

MediaWiki跨站脚本漏洞（CNVD-2015-05878）的补丁

Patch Description

MediaWiki是美国维基媒体（Wikimedia）基金会和MediaWiki志愿者共同开发维护的一套自由免费的基于网络的Wiki引擎，它可用于部署内部的知识管理和内容管理系统。 MediaWiki存在跨站脚本漏洞，允许远程攻击者通过rel404参数不正确处理错误页中注入任意web脚本或HTML。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html

Impacted products

Name
['MediaWiki MediaWiki 1.25.2', 'MediaWiki MediaWiki 1.24.3', 'MediaWiki MediaWiki <1.23.10', 'MediaWiki Mediawiki 1.24.x(<1.25.2)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-6729"
    }
  },
  "description": "MediaWiki\u662f\u7f8e\u56fd\u7ef4\u57fa\u5a92\u4f53\uff08Wikimedia\uff09\u57fa\u91d1\u4f1a\u548cMediaWiki\u5fd7\u613f\u8005\u5171\u540c\u5f00\u53d1\u7ef4\u62a4\u7684\u4e00\u5957\u81ea\u7531\u514d\u8d39\u7684\u57fa\u4e8e\u7f51\u7edc\u7684Wiki\u5f15\u64ce\uff0c\u5b83\u53ef\u7528\u4e8e\u90e8\u7f72\u5185\u90e8\u7684\u77e5\u8bc6\u7ba1\u7406\u548c\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\u3002\r\n\r\nMediaWiki\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7rel404\u53c2\u6570\u4e0d\u6b63\u786e\u5904\u7406\u9519\u8bef\u9875\u4e2d\u6ce8\u5165\u4efb\u610fweb\u811a\u672c\u6216HTML\u3002",
  "discovererName": "Mediawiki",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-05878",
  "openTime": "2015-09-09",
  "patchDescription": "MediaWiki\u662f\u7f8e\u56fd\u7ef4\u57fa\u5a92\u4f53\uff08Wikimedia\uff09\u57fa\u91d1\u4f1a\u548cMediaWiki\u5fd7\u613f\u8005\u5171\u540c\u5f00\u53d1\u7ef4\u62a4\u7684\u4e00\u5957\u81ea\u7531\u514d\u8d39\u7684\u57fa\u4e8e\u7f51\u7edc\u7684Wiki\u5f15\u64ce\uff0c\u5b83\u53ef\u7528\u4e8e\u90e8\u7f72\u5185\u90e8\u7684\u77e5\u8bc6\u7ba1\u7406\u548c\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\u3002\r\n\r\nMediaWiki\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7rel404\u53c2\u6570\u4e0d\u6b63\u786e\u5904\u7406\u9519\u8bef\u9875\u4e2d\u6ce8\u5165\u4efb\u610fweb\u811a\u672c\u6216HTML\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "MediaWiki\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2015-05878\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "MediaWiki MediaWiki 1.25.2",
      "MediaWiki MediaWiki 1.24.3",
      "MediaWiki MediaWiki \u003c1.23.10",
      "MediaWiki Mediawiki 1.24.x(\u003c1.25.2)"
    ]
  },
  "referenceLink": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html",
  "serverity": "\u4e2d",
  "submitTime": "2015-09-06",
  "title": "MediaWiki\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2015-05878\uff09"
}

CERTFR-2015-AVI-370

Vulnerability from certfr_avis - Published: 2015-09-07 - Updated: 2015-09-07

De multiples vulnérabilités ont été corrigées dans MediaWiki. Elles permettent à un attaquant de provoquer un déni de service à distance et une injection de code indirecte à distance (XSS).

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Mediawiki	MediaWiki	MediaWiki versions 1.24.X antérieures à 1.24.3
Mediawiki	MediaWiki	MediaWiki versions 1.25.X antérieures à 1.25.2
Mediawiki	MediaWiki	MediaWiki versions 1.23.X antérieures à 1.23.10

References

Title

Publication Time

GSD-2015-6729

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-6729

Aliases

CVE-2015-6729

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-6729",
    "description": "Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page.",
    "id": "GSD-2015-6729"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-6729"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page.",
      "id": "GSD-2015-6729",
      "modified": "2023-12-13T01:20:04.108407Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-6729",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "GLSA-201510-05",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201510-05"
          },
          {
            "name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
          },
          {
            "name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
          },
          {
            "name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10",
            "refsource": "MLIST",
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
          },
          {
            "name": "FEDORA-2015-13920",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
          },
          {
            "name": "76334",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/76334"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.23.9",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-6729"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
            },
            {
              "name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10",
              "refsource": "MLIST",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
            },
            {
              "name": "FEDORA-2015-13920",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
            },
            {
              "name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
            },
            {
              "name": "76334",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/76334"
            },
            {
              "name": "GLSA-201510-05",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/201510-05"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2016-12-07T18:21Z",
      "publishedDate": "2015-09-01T14:59Z"
    }
  }
}

GHSA-96WQ-382G-99VW

Vulnerability from github – Published: 2022-05-17 03:26 – Updated: 2022-05-17 03:26

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-6729"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-09-01T14:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page.",
  "id": "GHSA-96wq-382g-99vw",
  "modified": "2022-05-17T03:26:27Z",
  "published": "2022-05-17T03:26:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6729"
    },
    {
      "type": "WEB",
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201510-05"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/76334"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-6729 (GCVE-0-2015-6729)

FKIE_CVE-2015-6729

CNVD-2015-05878

CERTFR-2015-AVI-370

Contournement provisoire

GSD-2015-6729

GHSA-96WQ-382G-99VW

Tags

Sightings

Nomenclature