CVE-2014-7295

Severity: Unknown | EPSS: 1.57%

CVE-2014-7295 is a vulnerability of currently unknown severity. The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allow remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying MediaWiki:Common.css. EPSS estimates a 1.57% chance of exploitation in the next 30 days.

Description

The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allow remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying MediaWiki:Common.css.

Metrics

EPSS Probability: 1.57% (72.2th percentile)

Probability of exploitation in the next 30 days.

Affected Software

Vendor      Product     Versions
Mediawiki   Mediawiki   <= 1.19.19
Mediawiki   Mediawiki   1.19
Mediawiki   Mediawiki   1.19.0
Mediawiki   Mediawiki   1.19.1
Mediawiki   Mediawiki   1.19.2
Mediawiki   Mediawiki   1.19.3
Mediawiki   Mediawiki   1.19.4
Mediawiki   Mediawiki   1.19.5
Mediawiki   Mediawiki   1.19.6
Mediawiki   Mediawiki   1.19.7
Mediawiki   Mediawiki   1.19.8
Mediawiki   Mediawiki   1.19.9
Mediawiki   Mediawiki   1.19.10
Mediawiki   Mediawiki   1.19.11
Mediawiki   Mediawiki   1.19.12
Mediawiki   Mediawiki   1.19.13
Mediawiki   Mediawiki   1.19.14
Mediawiki   Mediawiki   1.19.15
Mediawiki   Mediawiki   1.19.16
Mediawiki   Mediawiki   1.19.17
Mediawiki   Mediawiki   1.19.18
Mediawiki   Mediawiki   1.22.0
Mediawiki   Mediawiki   1.22.1
Mediawiki   Mediawiki   1.22.2
Mediawiki   Mediawiki   1.22.3
Mediawiki   Mediawiki   1.22.4
Mediawiki   Mediawiki   1.22.5
Mediawiki   Mediawiki   1.22.6
Mediawiki   Mediawiki   1.22.7
Mediawiki   Mediawiki   1.22.8
Mediawiki   Mediawiki   1.22.9
Mediawiki   Mediawiki   1.22.10
Mediawiki   Mediawiki   1.22.11
Mediawiki   Mediawiki   1.23.0
Mediawiki   Mediawiki   1.23.1
Mediawiki   Mediawiki   1.23.2
Mediawiki   Mediawiki   1.23.3
Mediawiki   Mediawiki   1.23.4

References

Timeline

Status: Modified

Frequently Asked Questions

What is CVE-2014-7295?
The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allow remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying MediaWiki:Common.css.
How severe is CVE-2014-7295?
Severity scoring for CVE-2014-7295 is pending analysis. The EPSS model estimates a 1.57% probability of exploitation in the next 30 days.
How do I fix CVE-2014-7295?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST