CVE-2012-4378

{"id": "CVE-2012-4378", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2017-10-26T20:29:00.327", "references": [{"url": "http://www.openwall.com/lists/oss-security/2012/08/31/10", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2012/08/31/6", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=853417", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://phabricator.wikimedia.org/T39587", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadgets are used, allow remote attackers to inject arbitrary web script or HTML via the userlang parameter to w/index.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades Cross-Site Scripting (XSS) en MediaWiki en versiones anteriores a la 1.18.5 y en versiones 1.19.x anteriores a la 1.19.2, cuando se usan gadgets de JavaScript sin especificar, permiten que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el par\u00e1metro userlang en w/index.php."}], "lastModified": "2017-10-31T21:41:37.977", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B03517F3-5555-4DCF-A5BD-15B2AF03C970", "versionEndIncluding": "1.18.4"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}