CVE-2008-5249
Description
Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through 1.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
MediaWiki 1.13.0 to 1.13.2 contains an unspecified XSS vulnerability allowing arbitrary script injection.
Vulnerability
MediaWiki 1.13.0 through 1.13.2 contains a cross-site scripting (XSS) vulnerability that can be triggered via unspecified vectors [1]. The vulnerability affects all MediaWiki installations between these versions [1].
Exploitation
An attacker can exploit this vulnerability by tricking an authorized user into visiting a web page controlled by the attacker [1]. The attacker does not necessarily need to have an account on the wiki; the user interaction is required to activate the attack [1].
Impact
Successful exploitation allows the attacker to inject arbitrary web script or HTML [1]. This enables the attacker to steal the authorized user's login session and act as that user on the wiki [1].
Mitigation
The vulnerability is fixed in MediaWiki 1.13.3 and later [1]. Site administrators are encouraged to upgrade to this version immediately [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.htmlnvdPatchVendor Advisory
- secunia.com/advisories/33133nvdVendor Advisory
- secunia.com/advisories/33349nvd
- www.debian.org/security/2009/dsa-1901nvd
- www.securityfocus.com/bid/32844nvd
- www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.htmlnvd
News mentions
0No linked articles in our index yet.