This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.
The remote web server contains a PHP script that is prone to cross-
site scripting attacks.
According to its version number, the version of MediaWiki installed on
the remote host is vulnerable to cross-site scripting attacks because
of its failure to sanitize input passed to certain HTML attributes by
including a template inside a style directive when editing an entry.
An attacker can leverage this flaw to inject arbitrary HTML and script
code to be executed by a user's browser within the context of an
See also :
Upgrade to MediaWiki 1.3.13 or later if using 1.3 legacy series
otherwise, switch to 1.4.5 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 18430 ()
Bugtraq ID: 13861
CVE ID: CVE-2005-1888
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.