MediaWiki Backslash Escaped CSS Comments XSS
Medium Nessus Plugin ID 53448
SynopsisThe remote web server hosts a version of MediaWiki that is affected by a cross-site vulnerability.
DescriptionThis installation of MediaWiki is affected by a cross-site scripting vulnerability that allows an attacker to execute arbitrary script code in the browser of an unsuspecting user. Such script code can steal authentication credentials and be used to launch other attacks.
This version of MediaWiki may also contain a second cross-site scripting and/or an unauthorized access vulnerability, but this plugin did not test for these vulnerabilities.
SolutionUpgrade to MediaWiki 1.16.3 or later.