Summary
This host is running MediaWiki and is prone to a cross-site scripting (XSS) vulnerability.
Impact
Successful exploitation will allow remote attackers to include arbitrary HTML or web scripts in the scope of the browser and to obtain sensitive information.
Impact level: Application
Solution
Apply the patch or upgrade to MediaWiki version 1.14.1, 1.15.1 or higher:
- http://download.wikimedia.org/mediawiki/1.14/mediawiki-1.14.1.patch.gz
- http://download.wikimedia.org/mediawiki/1.15/mediawiki-1.15.1.patch.gz
- http://download.wikimedia.org/mediawiki/1.14/mediawiki-1.14.1.tar.gz
- http://download.wikimedia.org/mediawiki/1.15/mediawiki-1.15.1.tar.gz
Insight
The flaw is due to an error in the 'getContribsLink' function in 'SpecialBlockip.php' (the 'Special:Block' script), which fails to properly sanitize user-supplied input while processing the 'ip' parameter.
Affected
MediaWiki version 1.14.0
MediaWiki version 1.15.0
Severity
Classification
- CVE: CVE-2009-4589
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N