Lucene search

K
nessusTenable9476.PRM
HistoryAug 05, 2016 - 12:00 a.m.

MediaWiki < 1.23.7 Multiple Vulnerabilities

2016-08-0500:00:00
Tenable
www.tenable.com
17

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.033

Percentile

91.5%

The version of MediaWiki installed is 1.23.x earlier than 1.23.7 and is affected by multiple vulnerabilities :

  • A flaw exists that allows a reflected cross-site scripting (XSS) attack. This flaw exists because ‘Special:ExpandTemplates’ does not validate input to the ‘wpInput’ parameter before rendering it in raw HTML and returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server. (CVE-2014-9276)
  • A flaw in the ‘wfMangleFlashPolicy()’ function in the ‘OutputHandler.php’ script is triggered as API output that contains ‘cross-domain-policy’ becomes corrupted when being handled by the aforementioned function. This may allow a remote attacker to more easily bypass intended cross-domain-policy restrictions. (CVE-2014-9277)
Binary data 9476.prm

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.033

Percentile

91.5%