CVE-2008-4408: XSS
First published: Fri Oct 03 2008(Updated: )
Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions before 1.13.2 allows remote attackers to inject arbitrary web script or HTML via the useskin parameter to an unspecified component.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MediaWiki | =1.12.0 | |
| MediaWiki | =1.13.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-October/000078.html
- http://openwall.com/lists/oss-security/2008/10/02/3
- http://secunia.com/advisories/32128
- http://secunia.com/advisories/32131
- http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_1/phase3/RELEASE-NOTES
- http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_2/phase3/RELEASE-NOTES
- http://www.securityfocus.com/bid/31540
- http://www.vupen.com/english/advisories/2008/2737
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45632
- https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00179.html
- https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00220.html
Frequently Asked Questions
What is the severity of CVE-2008-4408?
The severity of CVE-2008-4408 is considered moderate due to its potential for cross-site scripting attacks.
How do I fix CVE-2008-4408?
To fix CVE-2008-4408, upgrade MediaWiki to version 1.13.2 or later.
What versions of MediaWiki are affected by CVE-2008-4408?
CVE-2008-4408 affects MediaWiki versions 1.12.0 and 1.13.1.
Can CVE-2008-4408 be exploited remotely?
Yes, CVE-2008-4408 can be exploited remotely by attackers through the useskin parameter.
What is the nature of the vulnerability in CVE-2008-4408?
CVE-2008-4408 is a cross-site scripting (XSS) vulnerability that allows for the injection of arbitrary web scripts or HTML.
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/mediawiki
- canonical/mediawiki
- version/mediawiki/1.12.0
- version/mediawiki/1.13.1