CVE-2012-1582

Description

Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted page with "forged strip item markers," as demonstrated using the CharInsert extension.

How to fix CVE-2012-1582

To remediate CVE-2012-1582, upgrade the affected package to a fixed version below.

• Debian/mediawiki—upgrade to 1:1.15.5-9 or later

Is CVE-2012-1582 being exploited?

Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1:1.15.5-9

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2012-1582