Main Vulnerability Database Exploits ID:1772 - Exploit for Stored cross-site scripting in MediaWiki - CVE-2017-0372

ID:1772 - Exploit for Stored cross-site scripting in MediaWiki - CVE-2017-0372

Published: March 18, 2020

Vulnerability identifier: #VU7286

Vulnerability risk: Low

CVE-ID: CVE-2017-0372

CWE-ID: CWE-79

Exploitation vector: Remote access

Vulnerable software:
MediaWiki

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/multi/http/mediawiki_syntaxhighlight

Vulnerability description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within the SyntaxHighlight_GeSHi extension. A remote attacker can create a specially crafted page with XSS exploit, trick the victim to visit it and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Remediation

Update to version 1.27.3 or 1.28.2.

ID:1772 - Exploit for Stored cross-site scripting in MediaWiki - CVE-2017-0372

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human