CVE-2015-2932: XSS
First published: Mon Apr 13 2015(Updated: )
Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MediaWiki | <=1.19.23 | |
| MediaWiki | =1.20 | |
| MediaWiki | =1.20.1 | |
| MediaWiki | =1.20.2 | |
| MediaWiki | =1.20.3 | |
| MediaWiki | =1.20.4 | |
| MediaWiki | =1.20.5 | |
| MediaWiki | =1.20.6 | |
| MediaWiki | =1.20.7 | |
| MediaWiki | =1.20.8 | |
| MediaWiki | =1.21 | |
| MediaWiki | =1.21.1 | |
| MediaWiki | =1.21.2 | |
| MediaWiki | =1.21.3 | |
| MediaWiki | =1.21.4 | |
| MediaWiki | =1.21.5 | |
| MediaWiki | =1.21.6 | |
| MediaWiki | =1.21.7 | |
| MediaWiki | =1.21.8 | |
| MediaWiki | =1.21.9 | |
| MediaWiki | =1.21.10 | |
| MediaWiki | =1.21.11 | |
| MediaWiki | =1.22.0 | |
| MediaWiki | =1.22.1 | |
| MediaWiki | =1.22.2 | |
| MediaWiki | =1.22.3 | |
| MediaWiki | =1.22.4 | |
| MediaWiki | =1.22.5 | |
| MediaWiki | =1.22.6 | |
| MediaWiki | =1.22.7 | |
| MediaWiki | =1.22.8 | |
| MediaWiki | =1.22.9 | |
| MediaWiki | =1.22.10 | |
| MediaWiki | =1.22.11 | |
| MediaWiki | =1.22.12 | |
| MediaWiki | =1.22.13 | |
| MediaWiki | =1.22.14 | |
| MediaWiki | =1.22.15 | |
| MediaWiki | =1.23.0 | |
| MediaWiki | =1.23.1 | |
| MediaWiki | =1.23.2 | |
| MediaWiki | =1.23.3 | |
| MediaWiki | =1.23.4 | |
| MediaWiki | =1.23.5 | |
| MediaWiki | =1.23.6 | |
| MediaWiki | =1.23.7 | |
| MediaWiki | =1.23.8 | |
| MediaWiki | =1.24.0 | |
| MediaWiki | =1.24.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:200
- http://www.openwall.com/lists/oss-security/2015/04/01/1
- http://www.openwall.com/lists/oss-security/2015/04/07/3
- http://www.securityfocus.com/bid/73477
- https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
- https://phabricator.wikimedia.org/T86711
- https://security.gentoo.org/glsa/201510-05
Frequently Asked Questions
What is the severity of CVE-2015-2932?
CVE-2015-2932 has a medium severity rating due to the risk of remote code execution through arbitrary web script or HTML injection.
How do I fix CVE-2015-2932?
To fix CVE-2015-2932, upgrade your MediaWiki installation to version 1.19.24, 1.23.9, or 1.24.2 or later.
Who is affected by CVE-2015-2932?
CVE-2015-2932 affects all versions of MediaWiki prior to 1.19.24, 1.23.9, and 1.24.2.
What types of attacks can occur due to CVE-2015-2932?
CVE-2015-2932 allows remote attackers to inject arbitrary web scripts or HTML through specific XLink elements.
Is there a patch available for CVE-2015-2932?
Yes, a patch is included in the fixed versions of MediaWiki, which users must update to address the vulnerability.
- agent/type
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mediawiki
- canonical/mediawiki
- version/mediawiki/1.19.23
- version/mediawiki/1.20
- version/mediawiki/1.20.1
- version/mediawiki/1.20.2
- version/mediawiki/1.20.3
- version/mediawiki/1.20.4
- version/mediawiki/1.20.5
- version/mediawiki/1.20.6
- version/mediawiki/1.20.7
- version/mediawiki/1.20.8
- version/mediawiki/1.21
- version/mediawiki/1.21.1
- version/mediawiki/1.21.2
- version/mediawiki/1.21.3
- version/mediawiki/1.21.4
- version/mediawiki/1.21.5
- version/mediawiki/1.21.6
- version/mediawiki/1.21.7
- version/mediawiki/1.21.8
- version/mediawiki/1.21.9
- version/mediawiki/1.21.10
- version/mediawiki/1.21.11
- version/mediawiki/1.22.0
- version/mediawiki/1.22.1
- version/mediawiki/1.22.2
- version/mediawiki/1.22.3
- version/mediawiki/1.22.4
- version/mediawiki/1.22.5
- version/mediawiki/1.22.6
- version/mediawiki/1.22.7
- version/mediawiki/1.22.8
- version/mediawiki/1.22.9
- version/mediawiki/1.22.10
- version/mediawiki/1.22.11
- version/mediawiki/1.22.12
- version/mediawiki/1.22.13
- version/mediawiki/1.22.14
- version/mediawiki/1.22.15
- version/mediawiki/1.23.0
- version/mediawiki/1.23.1
- version/mediawiki/1.23.2
- version/mediawiki/1.23.3
- version/mediawiki/1.23.4
- version/mediawiki/1.23.5
- version/mediawiki/1.23.6
- version/mediawiki/1.23.7
- version/mediawiki/1.23.8
- version/mediawiki/1.24.0
- version/mediawiki/1.24.1