Debian Security Advisory DSA 3110-1 (mediawiki - Security Update) Network Vulnerability

Summary

A flaw was discovered in mediawiki, a wiki engine: thumb.php outputs wikitext messages as raw HTML, potentially leading to cross-site scripting (XSS).

Solution

For the stable distribution (wheezy), this problem has been fixed in version 1.19.20+dfsg-0+deb7u3 this version additionally fixes a regression introduced in the previous release, DSA-3100-1. For the upcoming stable distribution (jessie) and unstable distribution (sid), this problem has been fixed in version 1:1.19.20+dfsg-2.2. We recommend that you upgrade your mediawiki packages.

Insight

MediaWiki is a wiki engine (a program for creating a collaboratively edited website). It is designed to handle heavy websites containing library-like document collections, and supports user uploads of images/sounds, multilingual content, TOC autogeneration, ISBN links, etc.

Affected

mediawiki on Debian Linux

Detection

This check tests the installed software version using the apt package manager.

References

http://www.debian.org/security/2014/dsa-3110.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-9475
CVSS Base Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

Related Vulnerabilities

Debian Security Advisory DSA 3110-1 (mediawiki - security update)

Take action and discover your vulnerabilities