Vulnerability Description
MediaWiki before 1.15.2 does not prevent wiki editors from linking to images from other web sites in wiki pages, which allows editors to obtain IP addresses and other information of wiki users by adding a link to an image on an attacker-controlled web site, aka "CSS validation issue."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mediawiki | Mediawiki | <= 1.15.1 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.htmlPatchVendor Advisory
- http://secunia.com/advisories/39022Vendor Advisory
- http://secunia.com/advisories/39656
- http://www.debian.org/security/2010/dsa-2022
- http://www.vupen.com/english/advisories/2010/0685Vendor Advisory
- http://www.vupen.com/english/advisories/2010/1001
- http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.htmlPatchVendor Advisory
- http://secunia.com/advisories/39022Vendor Advisory
- http://secunia.com/advisories/39656
- http://www.debian.org/security/2010/dsa-2022
- http://www.vupen.com/english/advisories/2010/0685Vendor Advisory
- http://www.vupen.com/english/advisories/2010/1001
FAQ
What is CVE-2010-1189?
CVE-2010-1189 is a vulnerability with a CVSS score of 5.0 (MEDIUM). MediaWiki before 1.15.2 does not prevent wiki editors from linking to images from other web sites in wiki pages, which allows editors to obtain IP addresses and other information of wiki users by addi...
How severe is CVE-2010-1189?
CVE-2010-1189 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-1189?
Check the references section above for vendor advisories and patch information. Affected products include: Mediawiki Mediawiki.