MediaWiki < 1.23.7 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 9476

Synopsis

The remote web server is running a PHP application that is out of date.

Description

The installed version of MediaWiki is 1.23.x earlier than 1.23.7 and is affected by multiple vulnerabilities:

- A flaw exists that allows a reflected cross-site scripting (XSS) attack. This flaw exists because 'Special:ExpandTemplates' does not validate input to the 'wpInput' parameter before rendering it in raw HTML and returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2014-9276)
- A flaw in the 'wfMangleFlashPolicy()' function in the 'OutputHandler.php' script causes API output that contains 'cross-domain-policy' to become corrupted when that function handles it. This may allow a remote attacker to more easily bypass intended cross-domain-policy restrictions. (CVE-2014-9277)

Solution

Upgrade to MediaWiki version 1.23.7.

See Also

https://www.mediawiki.org/wiki/MediaWiki

https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html

Plugin Details

Severity: High

ID: 9476

Family: CGI

Published: 8/5/2016

Updated: 3/6/2019

Nessus ID: 81227, 80121

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mediawiki:mediawiki

Patch Publication Date: 11/26/2014

Vulnerability Publication Date: 11/26/2014

Reference Information

CVE: CVE-2014-9276, CVE-2014-9277

BID: 71473