VDB
CVE-2014-9276
CVE-2014-9276
PUBLISHED
CVSS 5.099999904632568 MEDIUM
Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is set to true, allows remote attackers to hijack the authentication of users with edit permissions for requests that cross-site scripting (XSS) attacks via the wpInput parameter, which is not properly handled in the preview.
EPSS 0.11% · 29.6th percentile
Risk Scores
CVSS 2.0
5.099999904632568
EPSS Score
0.11%
29.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| mediawiki | mediawiki | 1.22.12, 0, 1.20 |
| n/a | n/a | n/a |
Timeline
- Dec 8, 2014 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- 1031301 vdb
- [oss-security] 20141203 MediaWiki security release - 1.23.7 mailing-list
- [oss-security] 20141204 Re: MediaWiki security release - 1.23.7 mailing-list
- https://phabricator.wikimedia.org/T73111 url
- [MediaWiki-announce] 20141127 MediaWiki Security and Maintenance Releases: 1.23.7, 1.22.14 and 1.19.22 mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2014-9276 advisory
- http://advisories.mageia.org/MGASA-2014-0506.html advisory