CVE-2008-1318

Name	CVE-2008-1318
Description	Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive "cross-site" information via the callback parameter in an API call for JavaScript Object Notation (JSON) formatted results.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity	medium

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
mediawiki (PTS)	stretch	1:1.27.7-1~deb9u3	fixed
	stretch (security)	1:1.27.7-1~deb9u5	fixed
	buster	1:1.31.7-1~deb10u1	fixed
	buster (security)	1:1.31.10-1~deb10u1	fixed
	bullseye, sid	1:1.35.0-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
mediawiki	source	etch	(not affected)
mediawiki	source	(unstable)	1:1.11.2-1

Notes

[etch] - mediawiki <not-affected> (Versions prior to 1.11 do not include callback feature)
http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-March/000070.html