MediaWiki API XSS

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote web server hosts a version of MediaWiki that is vulnerable
to a cross-site scripting attack.

Description :

There is a cross-site scripting vulnerability in this installation of
MediaWiki that may allow an attacker to execute arbitrary script code
in the browser of an unsuspecting user. Such script code could steal
authentication credentials and be used to launch other attacks.

See also :

http://www.nessus.org/u?bb194760
https://bugzilla.wikimedia.org/show_bug.cgi?id=28507

Solution :

Upgrade to MediaWiki 1.16.4 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: CGI abuses : XSS

Nessus Plugin ID: 53449

Bugtraq ID:

CVE ID: