Search for vulnerabilities
Vulnerability details: VCID-16yv-m7sv-aaaf
Vulnerability ID VCID-16yv-m7sv-aaaf
Aliases CVE-2008-0460
Summary Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and earlier; when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Status Published
Exploitability 0.5
Weighted Severity 3.9
Risk 1.9
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
System Score Found at
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.12007 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.1566 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.1566 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.1566 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.1566 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.1566 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.1566 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.1566 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.1566 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.1566 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.1566 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.1566 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.1566 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.1566 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.1566 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.1566 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.1566 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.1566 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.1566 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.19826 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.35901 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.35901 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.35901 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.35901 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.35901 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.35901 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.35901 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.53590 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.53590 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.53590 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.53590 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.53590 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.63693 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.63693 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
epss 0.67038 https://api.first.org/data/v1/epss?cve=CVE-2008-0460
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=430286
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2008-0460
Reference id Reference type URL
http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-January/000068.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0460.json
https://api.first.org/data/v1/epss?cve=CVE-2008-0460
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0460
http://secunia.com/advisories/28629
http://secunia.com/advisories/29266
https://exchange.xforce.ibmcloud.com/vulnerabilities/39901
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00147.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00189.html
http://www.securityfocus.com/bid/28137
http://www.vupen.com/english/advisories/2008/0280
430286 https://bugzilla.redhat.com/show_bug.cgi?id=430286
cpe:2.3:a:mediawiki:mediawiki:1.10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.10.0:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.10.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.10.1:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.10.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.10.2:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.11:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.11.0rc1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.11.0rc1:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.8.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.8.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.8.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.8.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.9.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.9.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.9.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.9.3:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.9.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.9.4:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki_botquery_ext:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki_botquery_ext:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*
CVE-2008-0460 https://nvd.nist.gov/vuln/detail/CVE-2008-0460
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2008-0460
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.93146
EPSS Score 0.12007
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.