MediaWiki Cross-Site Scripting Vulnerability Network Vulnerability

Summary

This host is running MediaWiki and is prone to cross site scripting vulnerability.

Impact

Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Impact Level: Application.

Solution

Upgrade to MediaWiki 1.16.5 or later. For updates refer to http://www.mediawiki.org/wiki/MediaWiki

Insight

The flaw is due to an error when handling the file extension such as '.shtml' at the end of the query string, along with URI containing a '%2E' sequence in place of the .(dot) character.

Affected

MediaWiki version before 1.16.5

References

http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html
https://bugzilla.redhat.com/show_bug.cgi?id=702512
https://bugzilla.wikimedia.org/show_bug.cgi?id=28534

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1765

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apple Safari Multiple Vulnerabilities
Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
Apache Tomcat Directory Listing and File disclosure
An Image Gallery Directory Traversal Vulnerability
AlienForm CGI script

Take action and discover your vulnerabilities