MediaWiki 1.19.x < 1.19.6 / 1.20.x < 1.20.5 Multiple Vulnerabilities

Medium Nessus Plugin ID 66390

Synopsis

The remote web server contains a PHP application that is affected by multiple vulnerabilities.

Description

According to its version number, the instance of MediaWiki running on the remote host is affected by multiple security vulnerabilities :

- A flaw exists because the application fails to validate input passed via uploaded SVG files before returning it to the user. This allows a remote attacker to conduct cross-site scripting (XSS) attacks. (CVE-2013-2031)

- A flaw exists that allows an attacker to bypass the password change blocking mechanism. (CVE-2013-2032)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to MediaWiki version 1.19.6 / 1.20.5 or later.

MediaWiki 1.19.x < 1.19.6 / 1.20.x < 1.20.5 Multiple Vulnerabilities

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

CVSS v2.0

Vulnerability Information

Reference Information