{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-25T06:21:59.040","vulnerabilities":[{"cve":{"id":"CVE-2014-9481","sourceIdentifier":"security@debian.org","published":"2020-01-27T16:15:10.203","lastModified":"2024-11-21T02:20:59.597","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML."},{"lang":"es","value":"La extensión Scribunto para MediaWiki, permite a atacantes remotos obtener el token de reversión y posiblemente otra información confidencial por medio de un módulo diseñado, relacionado con el desarmado de páginas HTML especiales."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*","versionEndExcluding":"1.19.23","matchCriteriaId":"124E3FE8-925D-47C7-A1BD-B7893DE35CC0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*","versionStartIncluding":"1.19.24","versionEndExcluding":"1.22.15","matchCriteriaId":"CCBAA26B-871F-47B9-8FA8-EFF4A80FCC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*","versionStartIncluding":"1.23.0","versionEndExcluding":"1.23.8","matchCriteriaId":"B604C2A5-5D67-498C-918B-B6123680EA27"},{"vulnerable":true,"criteria":"cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*","versionStartIncluding":"1.23.9","versionEndExcluding":"1.24.1","matchCriteriaId":"472CD2E7-D6FC-43EC-8A39-5FF1643C7CBF"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2014/12/21/2","source":"security@debian.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2015/01/03/13","source":"security@debian.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html","source":"security@debian.org","tags":["Patch","Vendor Advisory"]},{"url":"https://phabricator.wikimedia.org/T73167","source":"security@debian.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2014/12/21/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2015/01/03/13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://phabricator.wikimedia.org/T73167","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}