CVE-2009-0737

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2009-0737

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2009-0737.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2009-0737

Downstream

DEBIAN-CVE-2009-0737

DSA-1901-1

Published

2009-02-25T20:30:02Z

Modified

2025-08-09T20:01:27Z

Summary

[none]

Details

Multiple cross-site scripting (XSS) vulnerabilities in the web-based installer (config/index.php) in MediaWiki 1.6 before 1.6.12, 1.12 before 1.12.4, and 1.13 before 1.13.4, when the installer is in active use, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

http://secunia.com/advisories/33881
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_4/phase3/RELEASE-NOTES
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_4/phase3/RELEASE-NOTES
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_12/phase3/RELEASE-NOTES
http://www.debian.org/security/2009/dsa-1901
http://www.vupen.com/english/advisories/2009/0368
http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-February/000083.html
http://www.securityfocus.com/bid/33681

CVE-2009-0737

Affected packages