FreeBSD : mediawiki -- two security vulnerabilities (fc55e396-6deb-11df-8b8e-000c29ba66d2)

High Nessus Plugin ID 46767


The remote FreeBSD host is missing a security-related update.


Two security vulnerabilities were discovered:

Noncompliant CSS parsing behaviour in Internet Explorer allows attackers to construct CSS strings which are treated as safe by previous versions of MediaWiki, but are decoded to unsafe strings by Internet Explorer.

A CSRF vulnerability was discovered in our login interface. Although regular logins are protected as of 1.15.3, it was discovered that the account creation and password reset features were not protected from CSRF. This could lead to unauthorised access to private wikis.


Update the affected package.

Plugin Details

Severity: High

ID: 46767

File Name: freebsd_pkg_fc55e3966deb11df8b8e000c29ba66d2.nasl

Version: $Revision: 1.6 $

Type: local

Published: 2010/06/02

Modified: 2013/06/22

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mediawiki, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2010/06/02

Vulnerability Publication Date: 2010/05/28

Reference Information

Secunia: 39922