MediaWiki 1.14.0 / 1.15.0 Cross-Site Scripting Vulnerability
Medium Nessus Network Monitor Plugin ID 5097
SynopsisThe remote web server is running a PHP application that is affected by a cross-site scripting vulnerability.
DescriptionThe remote web server is running MediaWiki 1.14.0 or 1.15.0. These versions reportedly fail to properly supply user-supplied input to the 'ip' parameter of the 'Special: Blocks' page. An attacker could exploit this flaw to launch cross-site scripting attacks.
SolutionUpgrade to MediaWiki 1.14.1/1.15.1 or later.