Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5) SpecialMaintenance, and (6) ImagePage.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mediawiki | Mediawiki | 1.3.5 |
References
- http://sourceforge.net/project/shownotes.php?release_id=275099
- http://www.securityfocus.com/bid/11416Patch
- http://sourceforge.net/project/shownotes.php?release_id=275099
- http://www.securityfocus.com/bid/11416Patch
FAQ
What is CVE-2004-2185?
CVE-2004-2185 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views...
How severe is CVE-2004-2185?
CVE-2004-2185 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2185?
Check the references section above for vendor advisories and patch information. Affected products include: Mediawiki Mediawiki.