CVE-2006-2611 - Vulnerability Details - OpenCVE

Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.01413.

Key SSVC decision points have not yet been added.

Vendors	Products
Mediawiki	Mediawiki

Configuration 1 [-]

OR	cpe:2.3:a:mediawiki:mediawiki::::::::
	cpe:2.3:a:mediawiki:mediawiki:1.6.5:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2006-2610	Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the \| (pipe) character.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://bugzilla.wikimedia.org/show_bug.cgi?id=6055
http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035812.html
http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035814.html
http://nickj.org/MediaWiki
http://secunia.com/advisories/20189
http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/Sanitizer.php?r1=14349&r2=14348&pathrev=14349
http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=14349
http://www.osvdb.org/25713
http://www.vupen.com/english/advisories/2006/1926
https://exchange.xforce.ibmcloud.com/vulnerabilities/26646

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-05-26T01:00:00

Updated: 2024-08-07T17:58:51.837Z

Reserved: 2006-05-25T00:00:00

Link: CVE-2006-2611

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-05-26T01:06:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-2611

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-05-23T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "25713", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/25713"}, {"tags": ["x_refsource_MISC"], "url": "http://nickj.org/MediaWiki"}, {"tags": ["x_refsource_MISC"], "url": "http://bugzilla.wikimedia.org/show_bug.cgi?id=6055"}, {"name": "[Wikitech-l] 20060523 MediaWiki 1.6.5 JavaScript Execution Vulnerability # 2", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035812.html"}, {"name": "mediawiki-unspecified-handler-xss(26646)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26646"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=14349"}, {"name": "ADV-2006-1926", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1926"}, {"tags": ["x_refsource_MISC"], "url": "http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/Sanitizer.php?r1=14349&r2=14348&pathrev=14349"}, {"name": "[Wikitech-l] 20060523 MediaWiki 1.6.5 JavaScript Execution Vulnerability # 2", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035814.html"}, {"name": "20189", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20189"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2611", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "25713", "refsource": "OSVDB", "url": "http://www.osvdb.org/25713"}, {"name": "http://nickj.org/MediaWiki", "refsource": "MISC", "url": "http://nickj.org/MediaWiki"}, {"name": "http://bugzilla.wikimedia.org/show_bug.cgi?id=6055", "refsource": "MISC", "url": "http://bugzilla.wikimedia.org/show_bug.cgi?id=6055"}, {"name": "[Wikitech-l] 20060523 MediaWiki 1.6.5 JavaScript Execution Vulnerability # 2", "refsource": "MLIST", "url": "http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035812.html"}, {"name": "mediawiki-unspecified-handler-xss(26646)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26646"}, {"name": "http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=14349", "refsource": "CONFIRM", "url": "http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=14349"}, {"name": "ADV-2006-1926", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1926"}, {"name": "http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/Sanitizer.php?r1=14349&r2=14348&pathrev=14349", "refsource": "MISC", "url": "http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/Sanitizer.php?r1=14349&r2=14348&pathrev=14349"}, {"name": "[Wikitech-l] 20060523 MediaWiki 1.6.5 JavaScript Execution Vulnerability # 2", "refsource": "MLIST", "url": "http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035814.html"}, {"name": "20189", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20189"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:58:51.837Z"}, "title": "CVE Program Container", "references": [{"name": "25713", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/25713"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://nickj.org/MediaWiki"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugzilla.wikimedia.org/show_bug.cgi?id=6055"}, {"name": "[Wikitech-l] 20060523 MediaWiki 1.6.5 JavaScript Execution Vulnerability # 2", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035812.html"}, {"name": "mediawiki-unspecified-handler-xss(26646)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26646"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=14349"}, {"name": "ADV-2006-1926", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/1926"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/Sanitizer.php?r1=14349&r2=14348&pathrev=14349"}, {"name": "[Wikitech-l] 20060523 MediaWiki 1.6.5 JavaScript Execution Vulnerability # 2", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035814.html"}, {"name": "20189", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20189"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2611", "datePublished": "2006-05-26T01:00:00", "dateReserved": "2006-05-25T00:00:00", "dateUpdated": "2024-08-07T17:58:51.837Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AA2CC68-D27E-4087-8888-D6695A052F2D", "versionEndIncluding": "1.6.5_r14348", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "48929086-E08E-472D-A503-4CA803A840D5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character."}], "id": "CVE-2006-2611", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-05-26T01:06:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://bugzilla.wikimedia.org/show_bug.cgi?id=6055"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035812.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035814.html"}, {"source": "cve@mitre.org", "url": "http://nickj.org/MediaWiki"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/20189"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/Sanitizer.php?r1=14349&r2=14348&pathrev=14349"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=14349"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/25713"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1926"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26646"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://bugzilla.wikimedia.org/show_bug.cgi?id=6055"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035812.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035814.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://nickj.org/MediaWiki"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/20189"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/Sanitizer.php?r1=14349&r2=14348&pathrev=14349"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=14349"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/25713"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1926"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26646"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}