icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

MediaWiki 1.14.0 / 1.15.0 Cross-Site Scripting Vulnerability

Medium

Synopsis

The remote web server is running a PHP application that is affected by a cross-site scripting vulnerability.

Description

The remote web server is running MediaWiki 1.14.0 or 1.15.0. These versions reportedly fail to properly supply user-supplied input to the 'ip' parameter of the 'Special: Blocks' page. An attacker could exploit this flaw to launch cross-site scripting attacks.

Solution

Upgrade to MediaWiki 1.14.1/1.15.1 or later.