What is the severity of CVE-2015-2941?

CVE-2015-2941 is considered a medium severity vulnerability due to its potential for remote exploitation via cross-site scripting.

How do I fix CVE-2015-2941?

To fix CVE-2015-2941, upgrade MediaWiki to version 1.19.24, 1.23.9, or 1.24.2 or later.

What types of systems are affected by CVE-2015-2941?

CVE-2015-2941 affects MediaWiki versions prior to 1.19.24, various 1.20.x versions, 1.21.x versions, 1.22.x versions, and 1.23.x versions, specifically when using HHVM.

What kind of attacks can exploit CVE-2015-2941?

CVE-2015-2941 can be exploited for cross-site scripting (XSS) attacks, allowing attackers to inject arbitrary web scripts or HTML.

Is there a workaround for CVE-2015-2941 if I cannot upgrade?

If you cannot upgrade, you can try to limit access to the affected API endpoints or implement input validation to mitigate potential XSS risks.

Vulnerability/
CVE-2015-2941

medium

4.3

CWE

13/4/2015

6/8/2024

CVE-2015-2941: XSS

First published: Mon Apr 13 2015(Updated: )

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error message, related to unsafe calls to wddx_serialize_value.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
MediaWiki	<=1.19.23
MediaWiki	=1.20
MediaWiki	=1.20.1
MediaWiki	=1.20.2
MediaWiki	=1.20.3
MediaWiki	=1.20.4
MediaWiki	=1.20.5
MediaWiki	=1.20.6
MediaWiki	=1.20.7
MediaWiki	=1.20.8
MediaWiki	=1.21
MediaWiki	=1.21.1
MediaWiki	=1.21.2
MediaWiki	=1.21.3
MediaWiki	=1.21.4
MediaWiki	=1.21.5
MediaWiki	=1.21.6
MediaWiki	=1.21.7
MediaWiki	=1.21.8
MediaWiki	=1.21.9
MediaWiki	=1.21.10
MediaWiki	=1.21.11
MediaWiki	=1.22.0
MediaWiki	=1.22.1
MediaWiki	=1.22.2
MediaWiki	=1.22.3
MediaWiki	=1.22.4
MediaWiki	=1.22.5
MediaWiki	=1.22.6
MediaWiki	=1.22.7
MediaWiki	=1.22.8
MediaWiki	=1.22.9
MediaWiki	=1.22.10
MediaWiki	=1.22.11
MediaWiki	=1.22.12
MediaWiki	=1.22.13
MediaWiki	=1.22.14
MediaWiki	=1.22.15
MediaWiki	=1.23.0
MediaWiki	=1.23.1
MediaWiki	=1.23.2
MediaWiki	=1.23.3
MediaWiki	=1.23.4
MediaWiki	=1.23.5
MediaWiki	=1.23.6
MediaWiki	=1.23.7
MediaWiki	=1.23.8
MediaWiki	=1.24.0
MediaWiki	=1.24.1

Remedy

https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-2941?
CVE-2015-2941 is considered a medium severity vulnerability due to its potential for remote exploitation via cross-site scripting.
How do I fix CVE-2015-2941?
To fix CVE-2015-2941, upgrade MediaWiki to version 1.19.24, 1.23.9, or 1.24.2 or later.
What types of systems are affected by CVE-2015-2941?
CVE-2015-2941 affects MediaWiki versions prior to 1.19.24, various 1.20.x versions, 1.21.x versions, 1.22.x versions, and 1.23.x versions, specifically when using HHVM.
What kind of attacks can exploit CVE-2015-2941?
CVE-2015-2941 can be exploited for cross-site scripting (XSS) attacks, allowing attackers to inject arbitrary web scripts or HTML.
Is there a workaround for CVE-2015-2941 if I cannot upgrade?
If you cannot upgrade, you can try to limit access to the affected API endpoints or implement input validation to mitigate potential XSS risks.

agent/references
agent/type
agent/severity
agent/author
agent/remedy
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
agent/source
agent/weakness
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/mediawiki
canonical/mediawiki
version/mediawiki/1.19.23
version/mediawiki/1.20
version/mediawiki/1.20.1
version/mediawiki/1.20.2
version/mediawiki/1.20.3
version/mediawiki/1.20.4
version/mediawiki/1.20.5
version/mediawiki/1.20.6
version/mediawiki/1.20.7
version/mediawiki/1.20.8
version/mediawiki/1.21
version/mediawiki/1.21.1
version/mediawiki/1.21.2
version/mediawiki/1.21.3
version/mediawiki/1.21.4
version/mediawiki/1.21.5
version/mediawiki/1.21.6
version/mediawiki/1.21.7
version/mediawiki/1.21.8
version/mediawiki/1.21.9
version/mediawiki/1.21.10
version/mediawiki/1.21.11
version/mediawiki/1.22.0
version/mediawiki/1.22.1
version/mediawiki/1.22.2
version/mediawiki/1.22.3
version/mediawiki/1.22.4
version/mediawiki/1.22.5
version/mediawiki/1.22.6
version/mediawiki/1.22.7
version/mediawiki/1.22.8
version/mediawiki/1.22.9
version/mediawiki/1.22.10
version/mediawiki/1.22.11
version/mediawiki/1.22.12
version/mediawiki/1.22.13
version/mediawiki/1.22.14
version/mediawiki/1.22.15
version/mediawiki/1.23.0
version/mediawiki/1.23.1
version/mediawiki/1.23.2
version/mediawiki/1.23.3
version/mediawiki/1.23.4
version/mediawiki/1.23.5
version/mediawiki/1.23.6
version/mediawiki/1.23.7
version/mediawiki/1.23.8
version/mediawiki/1.24.0
version/mediawiki/1.24.1