Summary
A flaw was discovered in mediawiki, a
wiki engine: thumb.php outputs wikitext messages as raw HTML, potentially leading to cross-site scripting (XSS).
Solution
For the stable distribution (wheezy),
this problem has been fixed in version 1.19.20+dfsg-0+deb7u3 this version
additionally fixes a regression introduced in the previous release, DSA-3100-1.
For the upcoming stable distribution (jessie) and unstable distribution (sid), this problem has been fixed in version 1:1.19.20+dfsg-2.2.
We recommend that you upgrade your mediawiki packages.
Insight
MediaWiki is a wiki engine
(a program for creating a collaboratively edited website). It is designed to handle heavy websites containing library-like document collections, and supports user uploads of images/sounds, multilingual content, TOC autogeneration, ISBN links, etc.
Affected
mediawiki on Debian Linux
Detection
This check tests the installed software
version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-9475 -
CVSS Base Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N
Related Vulnerabilities