Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

MediaWiki 1.14.0 / 1.15.0 Cross-Site Scripting Vulnerability

Medium

Synopsis

The remote web server is running a PHP application that is affected by a cross-site scripting vulnerability.

Description

The remote web server is running MediaWiki 1.14.0 or 1.15.0. These versions reportedly fail to properly supply user-supplied input to the 'ip' parameter of the 'Special: Blocks' page. An attacker could exploit this flaw to launch cross-site scripting attacks.

Solution

Upgrade to MediaWiki 1.14.1/1.15.1 or later.