Summary
This host is running MediaWiki and is prone to cross site scripting vulnerability.
Impact
Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application.
Solution
Upgrade to MediaWiki 1.16.5 or later.
For updates refer to http://www.mediawiki.org/wiki/MediaWiki
Insight
The flaw is due to an error when handling the file extension such as '.shtml' at the end of the query string, along with URI containing a '%2E' sequence in place of the .(dot) character.
Affected
MediaWiki version before 1.16.5
References
Severity
Classification
-
CVE CVE-2011-1765 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
- Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
- Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
- A Really Simple Chat Multiple XSS Vulnerabilities
- Apache ActiveMQ Source Code Information Disclosure Vulnerability