Mandriva Linux Security Advisory : mediawiki (MDVSA-2014:119)
Severity: Low
Nessus Plugin ID: 74452
Synopsis: The remote Mandriva Linux host is missing one or more security updates.
Description: Updated mediawiki packages fix a security vulnerability:
XSS vulnerability in MediaWiki before 1.22.7, due to usernames on Special:PasswordReset being parsed as wikitext. The username on Special:PasswordReset can be supplied by anyone and will be parsed with wgRawHtml enabled. Since Special:PasswordReset is whitelisted by default on private wikis, this could potentially lead to an XSS crossing a privilege boundary (CVE-2014-3966).
Solution: Update the affected packages.