{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-25T23:59:43.074","vulnerabilities":[{"cve":{"id":"CVE-2015-8622","sourceIdentifier":"cve@mitre.org","published":"2017-03-23T20:59:00.437","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to a page named \"javascript:alert('XSS!').\""},{"lang":"es","value":"Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en MediaWiki en versiones anteriores a 1.23.12, 1.24.x en versiones anteriores a 1.24.5, 1.25.x en versiones anteriores a 1.25.4 y 1.26.x en versiones anteriores a 1.26.1, cuando se configura con una URL relativa, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrario a través de wikitext, como demuestra un wikilink a una página llamada \"javascript:alert('XSS!')\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*","versionEndIncluding":"1.23.11","matchCriteriaId":"3971880B-BD50-4E3D-96F0-D07F60D59923"},{"vulnerable":true,"criteria":"cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*","matchCriteriaId":"0B21EB21-AE87-48BF-B4A1-5E63A2E116B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*","matchCriteriaId":"A6C00423-B3FE-485A-9014-22F409DBD377"},{"vulnerable":true,"criteria":"cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*","matchCriteriaId":"E90C95FB-71CA-4CA1-935D-58A08244A81F"},{"vulnerable":true,"criteria":"cpe:2.3:a:mediawiki:mediawiki:1.24.3:*:*:*:*:*:*:*","matchCriteriaId":"5DDBD41F-C2D5-4D7C-B069-FBC2C8EBB81C"},{"vulnerable":true,"criteria":"cpe:2.3:a:mediawiki:mediawiki:1.24.4:*:*:*:*:*:*:*","matchCriteriaId":"D92AA40C-3E9A-44E6-9833-06853B5BF453"},{"vulnerable":true,"criteria":"cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*","matchCriteriaId":"9129F374-93CB-43CE-A3B2-DB6483514F32"},{"vulnerable":true,"criteria":"cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*","matchCriteriaId":"CE125142-10A2-4ACF-9BA4-44E63C1E5DB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:mediawiki:mediawiki:1.25.2:*:*:*:*:*:*:*","matchCriteriaId":"DF21D6EE-CEAC-42A7-99B6-D9D033E1FEC6"},{"vulnerable":true,"criteria":"cpe:2.3:a:mediawiki:mediawiki:1.25.3:*:*:*:*:*:*:*","matchCriteriaId":"6CCAC6ED-C3F5-4D8E-922B-FAA481210C6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:mediawiki:mediawiki:1.26.0:*:*:*:*:*:*:*","matchCriteriaId":"7B418525-DAC2-461A-B931-BED05CC3AFBF"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2015/12/21/8","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2015/12/23/7","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html","source":"cve@mitre.org","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"https://phabricator.wikimedia.org/T117899","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2015/12/21/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2015/12/23/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"https://phabricator.wikimedia.org/T117899","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}}]}