MediaWiki 1.19.x < 1.19.6 / 1.20.x < 1.20.5 Multiple Vulnerabilities
Medium Nessus Plugin ID 66390
Synopsis
The remote web server contains a PHP application that is affected by multiple vulnerabilities.
Description
According to its version number, the instance of MediaWiki running on the remote host is affected by multiple security vulnerabilities:
- A flaw exists because the application fails to validate input passed via uploaded SVG files before returning it to the user. This allows a remote attacker to conduct cross-site scripting (XSS) attacks. (CVE-2013-2031)
- A flaw exists that allows an attacker to bypass the password change blocking mechanism. (CVE-2013-2032)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to MediaWiki version 1.19.6 / 1.20.5 or later.