Vulnerability-Lookup

CVE-2016-6333 (GCVE-0-2016-6333)

Vulnerability from cvelistv5 – Published: 2017-04-20 17:00 – Updated: 2024-08-06 01:29

Summary

Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css.

Severity

6.1 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

Assigner

redhat

References

4 references

URL	Tags
https://lists.wikimedia.org/pipermail/mediawiki-a…	mailing-listx_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=1369613	x_refsource_CONFIRM
https://phabricator.wikimedia.org/T133147	x_refsource_CONFIRM
http://www.securityfocus.com/bid/98053	vdb-entryx_refsource_BID

Date Public

2016-08-23 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:19.303Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T133147"
          },
          {
            "name": "98053",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98053"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-28T09:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T133147"
        },
        {
          "name": "98053",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98053"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-6333",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
            },
            {
              "name": "https://phabricator.wikimedia.org/T133147",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T133147"
            },
            {
              "name": "98053",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98053"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-6333",
    "datePublished": "2017-04-20T17:00:00.000Z",
    "dateReserved": "2016-07-26T00:00:00.000Z",
    "dateUpdated": "2024-08-06T01:29:19.303Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2016-6333",
      "date": "2026-06-05",
      "epss": "0.00335",
      "percentile": "0.56614"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-6333\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2017-04-20T17:59:00.633\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad XSS en la funci\u00f3n de vista previa de subp\u00e1ginas de usuario CSS en MediaWiki en versiones anteriores a 1.23.15, 1.26.x en versiones anteriores a 1.26.4 y 1.27.x en versiones anteriores a 1.27.1 permite atacantes remotos inyectar secuencias de comandos web o HTML arbitraria a trav\u00e9s del cuadro de edici\u00f3n en Special: MyPage / common.css.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.23.14\",\"matchCriteriaId\":\"F26807BC-B2F2-480D-B5B1-C2D64933A0C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mediawiki:mediawiki:1.26.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B418525-DAC2-461A-B931-BED05CC3AFBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mediawiki:mediawiki:1.26.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C238723-5592-4F0F-869D-91B64DD14FBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mediawiki:mediawiki:1.26.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22685E70-3EE0-484B-8A4C-139C28BDD2B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mediawiki:mediawiki:1.26.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BD0A725-B06B-456D-8A8B-9DA5468935FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mediawiki:mediawiki:1.26.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7ED98FFC-4397-4F27-AC36-BB7A42A92F89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mediawiki:mediawiki:1.27.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F75E06F7-6D23-4BEB-80B4-3DE33193CA95\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/98053\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1369613\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://phabricator.wikimedia.org/T133147\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/98053\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1369613\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://phabricator.wikimedia.org/T133147\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}

CNVD-2017-06565

Vulnerability from cnvd - Published: 2017-05-16

Title

MediaWiki跨站脚本漏洞（CNVD-2017-06565）

Description

MediaWiki是美国维基媒体（Wikimedia）基金会和MediaWiki志愿者共同开发维护的一套自由免费的基于网络的Wiki引擎，它可用于部署内部的知识管理和内容管理系统。 MediaWiki中的CSS用户子页面预览功能存在跨站脚本漏洞。远程攻击者可利用该漏洞注入任意Web脚本或HTML。

Severity

中

Patch Name

MediaWiki跨站脚本漏洞（CNVD-2017-06565）的补丁

Patch Description

MediaWiki是美国维基媒体（Wikimedia）基金会和MediaWiki志愿者共同开发维护的一套自由免费的基于网络的Wiki引擎，它可用于部署内部的知识管理和内容管理系统。 MediaWiki中的CSS用户子页面预览功能存在跨站脚本漏洞。远程攻击者可利用该漏洞注入任意Web脚本或HTML。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=1369613

Impacted products

Name
['MediaWiki Mediawiki 1.27.1', 'MediaWiki Mediawiki 1.26.4', 'MediaWiki Mediawiki 1.23.15']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-6333",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6333"
    }
  },
  "description": "MediaWiki\u662f\u7f8e\u56fd\u7ef4\u57fa\u5a92\u4f53\uff08Wikimedia\uff09\u57fa\u91d1\u4f1a\u548cMediaWiki\u5fd7\u613f\u8005\u5171\u540c\u5f00\u53d1\u7ef4\u62a4\u7684\u4e00\u5957\u81ea\u7531\u514d\u8d39\u7684\u57fa\u4e8e\u7f51\u7edc\u7684Wiki\u5f15\u64ce\uff0c\u5b83\u53ef\u7528\u4e8e\u90e8\u7f72\u5185\u90e8\u7684\u77e5\u8bc6\u7ba1\u7406\u548c\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\u3002\r\n\r\nMediaWiki\u4e2d\u7684CSS\u7528\u6237\u5b50\u9875\u9762\u9884\u89c8\u529f\u80fd\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610fWeb\u811a\u672c\u6216HTML\u3002",
  "discovererName": "Jeremy Choi",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-06565",
  "openTime": "2017-05-16",
  "patchDescription": "MediaWiki\u662f\u7f8e\u56fd\u7ef4\u57fa\u5a92\u4f53\uff08Wikimedia\uff09\u57fa\u91d1\u4f1a\u548cMediaWiki\u5fd7\u613f\u8005\u5171\u540c\u5f00\u53d1\u7ef4\u62a4\u7684\u4e00\u5957\u81ea\u7531\u514d\u8d39\u7684\u57fa\u4e8e\u7f51\u7edc\u7684Wiki\u5f15\u64ce\uff0c\u5b83\u53ef\u7528\u4e8e\u90e8\u7f72\u5185\u90e8\u7684\u77e5\u8bc6\u7ba1\u7406\u548c\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\u3002\r\n\r\nMediaWiki\u4e2d\u7684CSS\u7528\u6237\u5b50\u9875\u9762\u9884\u89c8\u529f\u80fd\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610fWeb\u811a\u672c\u6216HTML\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "MediaWiki\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2017-06565\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "MediaWiki Mediawiki 1.27.1",
      "MediaWiki Mediawiki 1.26.4",
      "MediaWiki Mediawiki 1.23.15"
    ]
  },
  "referenceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613",
  "serverity": "\u4e2d",
  "submitTime": "2017-04-25",
  "title": "MediaWiki\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2017-06565\uff09"
}

FKIE_CVE-2016-6333

Vulnerability from fkie_nvd - Published: 2017-04-20 17:59 - Updated: 2026-05-13 00:24

Severity

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
secalert@redhat.com	http://www.securityfocus.com/bid/98053
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1369613	Issue Tracking
secalert@redhat.com	https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html	Mailing List, Patch, Vendor Advisory
secalert@redhat.com	https://phabricator.wikimedia.org/T133147	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/98053
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1369613	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html	Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T133147	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.26.0
mediawiki	mediawiki	1.26.1
mediawiki	mediawiki	1.26.2
mediawiki	mediawiki	1.26.3
mediawiki	mediawiki	1.26.4
mediawiki	mediawiki	1.27.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F26807BC-B2F2-480D-B5B1-C2D64933A0C8",
              "versionEndIncluding": "1.23.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B418525-DAC2-461A-B931-BED05CC3AFBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C238723-5592-4F0F-869D-91B64DD14FBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "22685E70-3EE0-484B-8A4C-139C28BDD2B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD0A725-B06B-456D-8A8B-9DA5468935FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ED98FFC-4397-4F27-AC36-BB7A42A92F89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.27.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F75E06F7-6D23-4BEB-80B4-3DE33193CA95",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad XSS en la funci\u00f3n de vista previa de subp\u00e1ginas de usuario CSS en MediaWiki en versiones anteriores a 1.23.15, 1.26.x en versiones anteriores a 1.26.4 y 1.27.x en versiones anteriores a 1.27.1 permite atacantes remotos inyectar secuencias de comandos web o HTML arbitraria a trav\u00e9s del cuadro de edici\u00f3n en Special: MyPage / common.css."
    }
  ],
  "id": "CVE-2016-6333",
  "lastModified": "2026-05-13T00:24:29.033",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-20T17:59:00.633",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/98053"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T133147"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/98053"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T133147"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-HXWM-9F7G-WG4H

Vulnerability from github – Published: 2022-05-17 02:47 – Updated: 2022-05-17 02:47

Details

Severity

6.1 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-6333"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-20T17:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css.",
  "id": "GHSA-hxwm-9f7g-wg4h",
  "modified": "2022-05-17T02:47:20Z",
  "published": "2022-05-17T02:47:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6333"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
    },
    {
      "type": "WEB",
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
    },
    {
      "type": "WEB",
      "url": "https://phabricator.wikimedia.org/T133147"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98053"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2016-6333

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-6333

Aliases

CVE-2016-6333

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-6333",
    "description": "Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css.",
    "id": "GSD-2016-6333",
    "references": [
      "https://advisories.mageia.org/CVE-2016-6333.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-6333"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css.",
      "id": "GSD-2016-6333",
      "modified": "2023-12-13T01:21:23.529670Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2016-6333",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15",
            "refsource": "MLIST",
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
          },
          {
            "name": "https://phabricator.wikimedia.org/T133147",
            "refsource": "CONFIRM",
            "url": "https://phabricator.wikimedia.org/T133147"
          },
          {
            "name": "98053",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/98053"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.26.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.26.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.26.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.23.14",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.27.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.26.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.26.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-6333"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T133147",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://phabricator.wikimedia.org/T133147"
            },
            {
              "name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
            },
            {
              "name": "98053",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/98053"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2017-04-29T01:59Z",
      "publishedDate": "2017-04-20T17:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-6333 (GCVE-0-2016-6333)

CNVD-2017-06565

FKIE_CVE-2016-6333

GHSA-HXWM-9F7G-WG4H

GSD-2016-6333

Tags

Sightings

Nomenclature