CVE-2006-2895

Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to versions before 1.6.7 allows remote attackers to inject arbitrary HTML and web script via the edit form.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:N/I:P/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://mail.wikipedia.org/pipermail/mediawiki-announce/2006-June/000048.html	Patch
http://svn.wikimedia.org/viewvc/mediawiki/tags/REL1_6_7/phase3/RELEASE-NOTES	Patch
http://secunia.com/advisories/20458	Patch Vendor Advisory
http://www.vupen.com/english/advisories/2006/2159
https://exchange.xforce.ibmcloud.com/vulnerabilities/27029

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mediawiki:mediawiki:1.6.5:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.6.5_r14348:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.6.3:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.6.4:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.6.0:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.6.6:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.6.1:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.6.2:::::::*

Information

Published : 2006-06-07 03:02

Updated : 2017-07-19 18:31

NVD link : CVE-2006-2895

Mitre link : CVE-2006-2895

JSON object : View

CWE

NVD-CWE-Other

Products Affected

mediawiki

mediawiki

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://mail.wikipedia.org/pipermail/mediawiki-announce/2006-June/000048.html", "name": "[MediaWiki-announce] 20060606 MediaWiki 1.6.7 released", "tags": ["Patch"], "refsource": "MLIST"}, {"url": "http://svn.wikimedia.org/viewvc/mediawiki/tags/REL1_6_7/phase3/RELEASE-NOTES", "name": "http://svn.wikimedia.org/viewvc/mediawiki/tags/REL1_6_7/phase3/RELEASE-NOTES", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/20458", "name": "20458", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2006/2159", "name": "ADV-2006-2159", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27029", "name": "mediawiki-edit-form-xss(27029)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to versions before 1.6.7 allows remote attackers to inject arbitrary HTML and web script via the edit form."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-2895", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2006-06-07T10:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.6.5_r14348:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.6.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:31Z"}

2.6 /10