MediaWiki API XSS
Medium Nessus Plugin ID 53449
SynopsisThe remote web server hosts a version of MediaWiki that is affected by a cross-site scripting vulnerability.
DescriptionA cross-site scripting vulnerability exists in this installation of MediaWiki that allows an attacker to execute arbitrary script code in the browser of an unsuspecting user. Such script code could steal authentication credentials and be used to launch other attacks.
SolutionUpgrade to MediaWiki 1.16.4 or later.