Input validation error in MediaWiki - CVE-2011-0003
Published: January 11, 2011 / Updated: August 11, 2020
Vulnerability identifier: #VU45470
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2011-0003
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: MediaWiki.org
Affected software:
MediaWiki
MediaWiki
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors.
How to mitigate CVE-2011-0003
Install update from vendor's website.
Sources
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-January/000093.html
- http://secunia.com/advisories/42810
- http://www.openwall.com/lists/oss-security/2011/01/04/12
- http://www.openwall.com/lists/oss-security/2011/01/04/6
- http://www.osvdb.org/70272
- http://www.vupen.com/english/advisories/2011/0017
- https://bugzilla.wikimedia.org/show_bug.cgi?id=26561
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64476