Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or HTML via the uselang parameter to index.php/Main_page.
Metrics
No CVSS v4.0
No CVSS v3.1
No CVSS v3.0
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None
AV:N/AC:M/Au:N/C:N/I:P/A:N
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Mediawiki |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
No data.
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2012-06-29T19:00:00
Updated: 2024-08-06T19:42:31.984Z
Reserved: 2012-05-14T00:00:00
Link: CVE-2012-2698
Vulnrichment
No data.
NVD
Status : Modified
Published: 2012-06-29T19:55:05.483
Modified: 2024-11-21T01:39:28.197
Link: CVE-2012-2698
Redhat
No data.