{"id":"CVE-2007-0177","details":"Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","modified":"2026-04-10T03:37:57.464588Z","published":"2007-01-11T00:28:00Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/23647"},{"type":"ADVISORY","url":"http://secunia.com/advisories/24889"},{"type":"ADVISORY","url":"http://sourceforge.net/forum/forum.php?forum_id=652721"},{"type":"ADVISORY","url":"http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_9/phase3/RELEASE-NOTES"},{"type":"ADVISORY","url":"http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_7_2/phase3/RELEASE-NOTES"},{"type":"ADVISORY","url":"http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_8_3/phase3/RELEASE-NOTES"},{"type":"ADVISORY","url":"http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0RC2/phase3/RELEASE-NOTES"},{"type":"ADVISORY","url":"http://www.novell.com/linux/security/advisories/2007_6_sr.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/21956"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2007/0096"},{"type":"FIX","url":"http://sourceforge.net/forum/forum.php?forum_id=652721"},{"type":"FIX","url":"http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_9/phase3/RELEASE-NOTES"},{"type":"FIX","url":"http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_7_2/phase3/RELEASE-NOTES"},{"type":"FIX","url":"http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_8_3/phase3/RELEASE-NOTES"},{"type":"FIX","url":"http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0RC2/phase3/RELEASE-NOTES"},{"type":"FIX","url":"http://www.securityfocus.com/bid/21956"},{"type":"WEB","url":"http://osvdb.org/31525"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/31359"}],"schema_version":"1.7.5"}