{
  "modified": "2025-08-09T19:01:27Z",
  "published": "2011-04-27T00:55:01Z",
  "id": "CVE-2010-2788",
  "details": "Cross-site scripting (XSS) vulnerability in profileinfo.php in MediaWiki before 1.15.5, when wgEnableProfileInfo is enabled, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.",
  "references": [
    {
      "type": "ADVISORY",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html"
    },
    {
      "type": "FIX",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html"
    },
    {
      "type": "FIX",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html"
    },
    {
      "type": "FIX",
      "url": "http://openwall.com/lists/oss-security/2010/07/29/4"
    },
    {
      "type": "FIX",
      "url": "http://svn.wikimedia.org/viewvc/mediawiki?view=revision\u0026revision=69952"
    },
    {
      "type": "FIX",
      "url": "http://svn.wikimedia.org/viewvc/mediawiki?view=revision\u0026revision=69984"
    },
    {
      "type": "FIX",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620225"
    },
    {
      "type": "FIX",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620226"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/42024"
    }
  ]
}