MediaWiki < 1.19.8 / 1.20.7 / 1.21.2 Multiple Vulnerabilities

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.

Synopsis :

The remote web server contains an application that is affected by
multiple vulnerabilities.

Description :

According to its version number, the instance of MediaWiki installed on
the remote host is affected by the following vulnerabilities :

- The full installation path is disclosed in an error
message when an invalid language is specified in the
ResourceLoader. (CVE-2013-4301)

- Multiple cross-site request forgery vulnerabilities
exist in the API modules accessed through JSONP.

- A cross-site scripting vulnerability exists because
input submitted to the property name is not properly
sanitized. (CVE-2013-4303)

Additionally, the following extensions contain vulnerabilities, but are
not enabled or installed by default, unless otherwise noted.

- Authentication can be bypassed in the CentralAuth
extension by manipulating the 'centralauth_User' cookie.

- The SyntaxHighlight GeSHi extension is vulnerable to
cross-site scripting because user input is not properly
sanitized when submitted to the 'example.php' script.
This extension is installed, but not enabled by default
on MediaWiki 1.21.x. (CVE-2013-4305)

- The CheckUser extension is vulnerable to cross-site
request forgery attacks because it does not properly
validate HTTP requests. (CVE-2013-4306)

- The Wikibase extension is vulnerable to cross-site
scripting attacks because it does not properly escape
the labels in the 'In other languages' section of
entity view. (CVE-2013-4307)

- The LiquidThreads extension is vulnerable to cross-site
scripting attacks because it does not properly sanitize
user input submitted to the LQT thread subject.

Note that Nessus has not tested for these issues but has instead relied
on the application's self-reported version number.
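
A version-only check of the kind described in the note above can be reproduced for triage. The following is an added example, not Nessus plugin code: it reads the version MediaWiki reports in its generator meta tag and compares it, per release branch, with the fixed versions in the Solution line. The host names and sample pages are constructed, and treating older branches and pre-release builds as "unknown" is an assumption.

```python
import re

# Fixed patch level per release branch, taken from the advisory's Solution line.
FIXED = {(1, 19): 8, (1, 20): 7, (1, 21): 2}
GENERATOR_RE = re.compile(
    r'<meta\s+name="generator"\s+content="MediaWiki\s+([^"]+)"', re.I)
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(.*)$")

def extract_version(html):
    """Return the self-reported version from the generator meta tag, or None."""
    m = GENERATOR_RE.search(html)
    return m.group(1).strip() if m else None

def classify(version):
    """Return 'affected', 'fixed' or 'unknown' for a version string."""
    m = VERSION_RE.match(version or "")
    if not m:
        return "unknown"
    branch = (int(m.group(1)), int(m.group(2)))
    patch, suffix = int(m.group(3) or 0), m.group(4)
    if branch > max(FIXED):
        return "fixed"      # later branch than any named in the advisory
    if branch not in FIXED:
        return "unknown"    # older branch: the advisory does not cover it
    if patch < FIXED[branch]:
        return "affected"
    if patch == FIXED[branch] and suffix:
        return "unknown"    # e.g. an rc build of the fixed release: check by hand
    return "fixed"

# Constructed sample responses (hypothetical hosts), not real scan data.
SAMPLE_PAGES = {
    "wiki-a.example": '<head><meta name="generator" content="MediaWiki 1.19.7" /></head>',
    "wiki-b.example": '<head><meta name="generator" content="MediaWiki 1.21.2" /></head>',
    "wiki-c.example": '<head><meta name="generator" content="MediaWiki 1.21.2-rc.1" /></head>',
    "wiki-d.example": '<head><title>No generator tag</title></head>',
}

def triage(pages):
    """Map host -> (version, status) for a dict of host -> HTML."""
    return {h: (extract_version(b), classify(extract_version(b)))
            for h, b in pages.items()}

if __name__ == "__main__":
    for host, (ver, status) in triage(SAMPLE_PAGES).items():
        print(f"{host}: {ver} -> {status}")
```

An "affected" result covers only the core version; it does not show whether any of the listed extensions is installed or enabled on that host.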

Solution :

Upgrade to MediaWiki version 1.19.8 / 1.20.7 / 1.21.2 or later.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true