Mandriva Linux Security Advisory : mediawiki (MDVSA-2014:241)

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.

Synopsis :

The remote Mandriva Linux host is missing one or more security

Description :

Updated mediawiki packages fix security vulnerabilities :

In MediaWiki before 1.23.7, a missing CSRF check could allow reflected
XSS on wikis that allow raw HTML (CVE-2014-9276).

MediaWiki's mangling, in MediaWiki before 1.23.7, could allow an
article editor to inject code into API consumers that blindly
unserialize PHP representations of the page from the API

This update provides MediaWiki 1.23.7, which fixes these security
issues and other bugs.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 79986

Bugtraq ID: 71473

CVE ID: CVE-2014-9276
