Summary
This host is running MediaWiki and is prone to cross site scripting vulnerability.
Impact
Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to MediaWiki version 1.17.5, 1.18.4, or 1.19.1 or later.
For updates refer to http://www.mediawiki.org/wiki/MediaWiki
Insight
Input passed via the 'uselang' parameter to 'index.php/Main_page' is not properly sanitised in the 'outputPage()' function, before being returned to the user.
Affected
MediaWiki versions prior to 1.17.5, 1.8.x before 1.18.4 and 1.19.x before 1.19.1
References
Severity
Classification
-
CVE CVE-2012-2698 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities