Search for vulnerabilities
Vulnerability details: VCID-4me7-4qh5-aaar
Vulnerability ID VCID-4me7-4qh5-aaar
Aliases CVE-2015-2939
Summary Cross-site scripting (XSS) vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-2939.html
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00280 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00280 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00280 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00280 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
epss 0.01208 https://api.first.org/data/v1/epss?cve=CVE-2015-2939
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2939
generic_textual Medium https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2015-2939
generic_textual Medium http://www.openwall.com/lists/oss-security/2015/04/01/1
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-2939.html
https://api.first.org/data/v1/epss?cve=CVE-2015-2939
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2939
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
https://phabricator.wikimedia.org/T85113
https://security.gentoo.org/glsa/201510-05
http://www.mandriva.com/security/advisories?name=MDVSA-2015:200
http://www.openwall.com/lists/oss-security/2015/04/01/1
http://www.openwall.com/lists/oss-security/2015/04/07/3
http://www.securityfocus.com/bid/73477
cpe:2.3:a:mediawiki:scribunto:-:*:*:*:*:mediawiki:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:scribunto:-:*:*:*:*:mediawiki:*:*
CVE-2015-2939 https://nvd.nist.gov/vuln/detail/CVE-2015-2939
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2015-2939
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.67652
EPSS Score 0.00274
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.