Summary
This host is running MediaWiki and is prone to XSS Vulnerability.
Impact
Successful exploitation will allow remote attackers to include arbitrary HTML or web scripts in the scope of the browser and allows to obtain sensitive information.
Impact level: Application
Solution
Apply the patch or Upgrade to MediaWiki version to 1.14.1, 1.15.1 or higher, http://download.wikimedia.org/mediawiki/1.14/mediawiki-1.14.1.patch.gz http://download.wikimedia.org/mediawiki/1.15/mediawiki-1.15.1.patch.gz http://download.wikimedia.org/mediawiki/1.14/mediawiki-1.14.1.tar.gz http://download.wikimedia.org/mediawiki/1.15/mediawiki-1.15.1.tar.gz
Insight
The flaw is due to the error in 'Special:Block' script in the 'getContribsLink' function in 'SpecialBlockip.php' page. It fails to properly sanitize user-supplied input while processing the 'ip' parameter.
Affected
MediaWiki version 1.14.0
MediaWiki version 1.15.0
References
Severity
Classification
-
CVE CVE-2009-4589 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities