Web application abuses : MediaWiki < 1.16.5 XSS Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.902380

Categoría: Web application abuses

Título: MediaWiki < 1.16.5 XSS Vulnerability - Active Check

Resumen: MediaWiki is prone to a cross-site scripting (XSS); vulnerability.

Descripción: Summary:
MediaWiki is prone to a cross-site scripting (XSS)
vulnerability.

Vulnerability Insight:
The flaw is due to an error when handling the file extension
such as '.shtml' at the end of the query string, along with URI containing a '%2E' sequence in
place of the .(dot) character.

Vulnerability Impact:
Successful exploitation will allow attacker to execute arbitrary
HTML and script code in a user's browser session in the context of an affected site.

Affected Software/OS:
MediaWiki version prior to 1.16.5.

Solution:
Update to version 1.16.5 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-1765
44684
http://secunia.com/advisories/44684
47722
http://www.securityfocus.com/bid/47722
FEDORA-2011-6774
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060496.html
FEDORA-2011-6775
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060507.html
FEDORA-2011-6781
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060435.html
[mediawiki-announce] 20110505 MediaWiki security release 1.16.5
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html
https://bugzilla.redhat.com/show_bug.cgi?id=702512
https://bugzilla.wikimedia.org/show_bug.cgi?id=28534

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.902380
Categoría:	Web application abuses
Título:	MediaWiki < 1.16.5 XSS Vulnerability - Active Check
Resumen:	MediaWiki is prone to a cross-site scripting (XSS); vulnerability.
Descripción:	Summary: MediaWiki is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: The flaw is due to an error when handling the file extension such as '.shtml' at the end of the query string, along with URI containing a '%2E' sequence in place of the .(dot) character. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Affected Software/OS: MediaWiki version prior to 1.16.5. Solution: Update to version 1.16.5 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1765 44684 http://secunia.com/advisories/44684 47722 http://www.securityfocus.com/bid/47722 FEDORA-2011-6774 http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060496.html FEDORA-2011-6775 http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060507.html FEDORA-2011-6781 http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060435.html [mediawiki-announce] 20110505 MediaWiki security release 1.16.5 http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html https://bugzilla.redhat.com/show_bug.cgi?id=702512 https://bugzilla.wikimedia.org/show_bug.cgi?id=28534
Copyright	Copyright (C) 2011 Greenbone AG