CVE-2008-4408
mediawiki - cross site scripting
EPSS 0.69%
Description
Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions before 1.13.2 allows remote attackers to inject arbitrary web script or HTML via the useskin parameter to an unspecified component.
How to fix CVE-2008-4408
To remediate CVE-2008-4408, upgrade the affected package to a fixed version below.
- Debian/mediawiki—upgrade to 1:1.13.2-1 or later
- Debian/mediawiki—upgrade to 1.12.0-2lenny1 or later
Is CVE-2008-4408 being exploited?
Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1:1.13.2-1
- from 0, < 1.12.0-2lenny1