MediaWiki Multiple XSS Vulnerabilities Network Vulnerability

Summary

This host is running MediaWiki and is prone to Multiple XSS Vulnerabilities.

Impact

Successful exploitation will let the attacker include arbitrary HTML or web scripts in the scope of the browser. This may lead to cross site scripting attacks and the attacker may gain sensitive information of the remote user or of the web application. Impact level: Application

Solution

Apply the security updates accordingly. MediaWiki Version 1.13.4 MediaWiki Version 1.12.4 MediaWiki Version 1.6.12

Insight

Multiple flaws are caused as the data supplied by the user via unspecified vectors is not adequately sanitised before being passed into the file 'config/index.php' of MediaWiki.

Affected

MediaWiki version prior to 1.13.4 MediaWiki version prior to 1.12.4 MediaWiki version prior to 1.6.12

References

http://secunia.com/advisories/33881
http://www.vupen.com/english/advisories/2009/0368

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0737
CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Fingerprint web server with favicon.ico
Apache Tomcat mod_jk Information Disclosure Vulnerability
MediaWiki Multiple XSS Vulnerabilities
OTRS move_into Restriction Bypass Vulnerability
Firefox Information Disclosure Vulnerability Jan09 (Win)

Take action and discover your vulnerabilities