Summary
This host is running MediaWiki and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow an attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to MediaWiki version 1.17.5, 1.18.4, or 1.19.1 or later.
For updates refer to http://www.mediawiki.org/wiki/MediaWiki
Insight
Input passed via the 'uselang' parameter to 'index.php/Main_page' is not properly sanitised in the 'outputPage()' function before being returned to the user.
Affected
MediaWiki versions prior to 1.17.5, 1.8.x before 1.18.4 and 1.19.x before 1.19.1
References
Severity
Classification
- CVE: CVE-2012-2698
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N