Vulnerability Description
Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mediawiki | Mediawiki | 1.4.1 |
References
- http://secunia.com/advisories/17074
- http://sourceforge.net/project/shownotes.php?release_id=361505 (Patch)
- http://www.novell.com/linux/security/advisories/2005_27_sr.html
- http://www.securityfocus.com/bid/15024
FAQ
What is CVE-2005-3167?
CVE-2005-3167 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, whic...
How severe is CVE-2005-3167?
CVE-2005-3167 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2005-3167?
Check the references section above for vendor advisories and patch information. Affected products include: Mediawiki Mediawiki.