CVE-2007-0177

Published: Jan 11, 2007Modified: Apr 23, 2026

5.1

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability: 4.9 / Impact: 6.4

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected (14)

Products: Mediawiki: Mediawiki

1 product

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Mediawiki Mediawiki	Version 1.6.0
Mediawiki Mediawiki	Version 1.6.1
Mediawiki Mediawiki	Version 1.6.2
Mediawiki Mediawiki	Version 1.6.3
Mediawiki Mediawiki	Version 1.6.4
Mediawiki Mediawiki	Version 1.6.5
Mediawiki Mediawiki	Version 1.6.5_r14348
Mediawiki Mediawiki	Version 1.6.6
Mediawiki Mediawiki	Version 1.7.0
Mediawiki Mediawiki	Version 1.7.1
Mediawiki Mediawiki	Version 1.8.0
Mediawiki Mediawiki	Version 1.8.1
Mediawiki Mediawiki	Version 1.8.2
Mediawiki Mediawiki	Version 1.9.0 rc2

References (24)

http://osvdb.org/31525

Source: cve@mitre.org

http://secunia.com/advisories/23647

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/24889

Source: cve@mitre.org

http://sourceforge.net/forum/forum.php?forum_id=652721

Source: cve@mitre.org

PatchVendor Advisory

http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_9/phase3/RELEASE-NOTES

Source: cve@mitre.org

PatchVendor Advisory

http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_7_2/phase3/RELEASE-NOTES

Source: cve@mitre.org

PatchVendor Advisory

http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_8_3/phase3/RELEASE-NOTES

Source: cve@mitre.org

PatchVendor Advisory

http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0RC2/phase3/RELEASE-NOTES

Source: cve@mitre.org

PatchVendor Advisory

http://www.novell.com/linux/security/advisories/2007_6_sr.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/21956

Source: cve@mitre.org

PatchVendor Advisory

http://www.vupen.com/english/advisories/2007/0096

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/31359

Source: cve@mitre.org

http://osvdb.org/31525

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/23647

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/24889

Source: af854a3a-2127-422b-91ae-364da2661108

http://sourceforge.net/forum/forum.php?forum_id=652721

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_9/phase3/RELEASE-NOTES

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_7_2/phase3/RELEASE-NOTES

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_8_3/phase3/RELEASE-NOTES

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0RC2/phase3/RELEASE-NOTES

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.novell.com/linux/security/advisories/2007_6_sr.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/21956

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.vupen.com/english/advisories/2007/0096

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/31359

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.