CVE-2007-1054
EPSS 4.8%
Description
Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer.
How to fix CVE-2007-1054
To remediate CVE-2007-1054, upgrade the affected package to a fixed version below.
- Debian/mediawiki—upgrade to 1.7.1-9 or later
Is CVE-2007-1054 being exploited?
Low — EPSS is 4.8%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.7.1-9