CVE-2008-5250

Name: CVE-2008-5250
Description: Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-1901-1, DTSA-186-1
NVD severity: low (attack range: remote)
Debian Bugs: 508869

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| mediawiki (PTS) | wheezy, wheezy (security) | 1:1.19.20+dfsg-0+deb7u3 | fixed |
| mediawiki (PTS) | buster, sid, stretch | 1:1.27.3-1 | fixed |

The information below is based on the following data on fixed versions.

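| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| mediawiki | source | (unstable) | 1:1.13.3-1 | low | | 508869 |
| mediawiki | source | etch | (not affected) | | | |
| mediawiki | source | lenny | 1:1.12.0-2lenny2 | low | DTSA-186-1 | |
| mediawiki1.7 | source | (unstable) | (unfixed) | low | | |
| mediawiki1.7 | source | etch | 1.7.1-9etch1 | low | DSA-1901-1 | |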

Notes

[etch] - mediawiki <not-affected> (metapackage)
