Unrated severityNVD Advisory· Published Jan 7, 2010· Updated Apr 23, 2026
CVE-2009-4589
CVE-2009-4589
Description
Cross-site scripting (XSS) vulnerability in the Special:Block implementation in the getContribsLink function in SpecialBlockip.php in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject arbitrary web script or HTML via the ip parameter.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- www.securityfocus.com/bid/35662nvdPatch
- www.vupen.com/english/advisories/2009/1882nvdPatchVendor Advisory
- osvdb.org/55824nvdExploit
- secunia.com/advisories/35818nvdVendor Advisory
- lists.wikimedia.org/pipermail/mediawiki-announce/2009-July/000087.htmlnvd
- bugzilla.wikimedia.org/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/51687nvd
News mentions
0No linked articles in our index yet.