4.3
CVE-2006-2611
- EPSS 1.85%
- Veröffentlicht 26.05.2006 01:06:00
- Zuletzt bearbeitet 16.06.2026 22:25:24
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.85% | 0.763 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://bugzilla.wikimedia.org/show_bug.cgi?id=6055
http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035812.html
http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035814.html
http://nickj.org/MediaWiki
http://secunia.com/advisories/20189
http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/Sanitizer.php?r1=14349&r2=14348&pathrev=14349
http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=14349
http://www.osvdb.org/25713
http://www.vupen.com/english/advisories/2006/1926
https://exchange.xforce.ibmcloud.com/vulnerabilities/26646