Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2011-1578

EPSS 0.71% · P72
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2011-1578

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
MediaWiki跨站脚本攻击漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
MediaWiki是美国维基媒体(Wikimedia)基金会和MediaWiki志愿者共同开发维护的一套自由免费的基于网络的Wiki引擎,它可用于部署内部的知识管理和内容管理系统。 当使用Internet Explorer 6或者之前版本时,MediaWiki 1.16.3之前版本中存在跨站脚本攻击漏洞。远程攻击者可以借助具有危险扩展访问权限的上传文件注入任意web脚本或者HTML,例如位于查询字符串末端的.html文件,该文件与使用%2E序列替代“.”字符修改过的URI路径相结合。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2011-1578

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2011-1578

Please Login to view more intelligence information

Same Patch Batch · n/a · 2011-04-27 · 26 CVEs total

CVE-2010-4798OrangeHRM index.php 'uri'目录遍历漏洞
CVE-2011-1725HP Network Automation信息泄露漏洞
CVE-2011-1719CA Output Management Web Viewer ActiveX控件栈缓冲区错误漏洞
CVE-2011-1718CA SiteMinder Web Agents用户假冒漏洞
CVE-2011-1599Digium Asterisk管理界面manager.c任意命令执行漏洞
CVE-2011-1587MediaWiki 跨站脚本漏洞
CVE-2011-1586KDE SC 路径遍历漏洞
CVE-2011-1580MediaWiki transwiki输入功能安全绕过漏洞
CVE-2011-1579MediaWiki维基文本解析器跨站脚本攻击漏洞
CVE-2011-1507Digium Asterisk安全绕过和拒绝服务漏洞
CVE-2010-4801BaconMap admin/updatelist.php 'filepath'目录遍历漏洞
CVE-2010-4800BaconMap doadd.php 'type' SQL注入漏洞
CVE-2010-4799Chipmunk Pwngame多个SQL注入漏洞
CVE-2010-2787MediaWiki api.php信息泄露漏洞
CVE-2010-4797Truworth Flex Timesheet登录表单多个SQL注入漏洞
CVE-2010-4796PHPYun多个SQL注入漏洞
CVE-2010-4795Joomlaseller JS Calendar组件SQL注入漏洞
CVE-2010-4794JoomlaSeller JS Calendar组件多个跨站脚本攻击漏洞
CVE-2010-4793Site2Nite Auto e-Manager detail.asp 'ID' SQL注入漏洞
CVE-2010-4792OPEN IT OverLook title.php 'frame'跨站脚本攻击漏洞

Showing top 20 of 26 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2011-1578

No comments yet

Leave a comment