CVE-2009-4589

Name of the Vulnerable Software and Affected Versions MediaWiki versions 1.14.0 through 1.15.0

Description A cross-site scripting issue exists in the Special:Block implementation, specifically in the getContribsLink function within SpecialBlockip.php. This allows remote attackers to inject arbitrary web script or HTML via the ip parameter.

Recommendations For MediaWiki versions 1.14.0 through 1.15.0, consider updating to a version where this issue is resolved, as no specific fix is provided for these versions. As a temporary workaround, restrict access to the Special:Block implementation to minimize the risk of exploitation. Avoid using the ip parameter in the affected function until the issue is resolved.