{ "modified": "2025-08-09T19:01:26Z", "published": "2007-01-11T00:28:00Z", "id": "CVE-2007-0177", "details": "Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "type": "ADVISORY", "url": "http://secunia.com/advisories/23647" }, { "type": "ADVISORY", "url": "http://secunia.com/advisories/24889" }, { "type": "ADVISORY", "url": "http://sourceforge.net/forum/forum.php?forum_id=652721" }, { "type": "ADVISORY", "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_9/phase3/RELEASE-NOTES" }, { "type": "ADVISORY", "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_7_2/phase3/RELEASE-NOTES" }, { "type": "ADVISORY", "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_8_3/phase3/RELEASE-NOTES" }, { "type": "ADVISORY", "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0RC2/phase3/RELEASE-NOTES" }, { "type": "ADVISORY", "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html" }, { "type": "ADVISORY", "url": "http://www.securityfocus.com/bid/21956" }, { "type": "ADVISORY", "url": "http://www.vupen.com/english/advisories/2007/0096" }, { "type": "FIX", "url": "http://sourceforge.net/forum/forum.php?forum_id=652721" }, { "type": "FIX", "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_9/phase3/RELEASE-NOTES" }, { "type": "FIX", "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_7_2/phase3/RELEASE-NOTES" }, { "type": "FIX", "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_8_3/phase3/RELEASE-NOTES" }, { "type": "FIX", "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0RC2/phase3/RELEASE-NOTES" }, { "type": "FIX", "url": "http://www.securityfocus.com/bid/21956" }, { "type": "WEB", "url": "http://osvdb.org/31525" }, { "type": "WEB", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31359" } ] }