ID de Prueba:	1.3.6.1.4.1.25623.1.0.902070
Categoría:	Web application abuses
Título:	MediaWiki 1.15.x < 1.15.4, 1.16.x < 1.16 beta 3 XSS and CSRF Vulnerabilities
Resumen:	MediaWiki is prone to cross-site scripting (XSS) and cross-site; request forgery (CSRF) vulnerabilities.
Descripción:	Summary: MediaWiki is prone to cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities. Vulnerability Insight: - A flaw is present while processing crafted Cascading Style Sheets (CSS) strings, which are processed as scripts - An error is present in the 'Special:Userlogin' form, which allows remote attackers to hijack the authentication of users for requests that create accounts or reset passwords. Vulnerability Impact: Successful exploitation will allow remote attackers to inject arbitrary web script or HTML and to hijack the authentication of users. Affected Software/OS: MediaWiki versions 1.15.x prior to 1.15.4 and 1.16.x prior to 1.16 beta 3. Solution: Update to version 1.15.4, 1.16 beta 3 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1647 FEDORA-2010-10779 http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043803.html FEDORA-2010-10848 http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043856.html [MediaWiki-announce] 20100528 MediaWiki security update: 1.15.4 and 1.16.0beta3 http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html https://bugzilla.wikimedia.org/show_bug.cgi?id=23687 Common Vulnerability Exposure (CVE) ID: CVE-2010-1648 https://bugzilla.wikimedia.org/show_bug.cgi?id=23371
Copyright	Copyright (C) 2010 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.