nessus Tenable 9476.PRM
History: Aug 05, 2016 - 12:00 a.m.

MediaWiki < 1.23.7 Multiple Vulnerabilities

2016-08-05 00:00:00
Tenable
www.tenable.com
8

The version of MediaWiki installed is 1.23.x prior to 1.23.7 and is affected by multiple vulnerabilities:

  • A flaw exists that allows a reflected cross-site scripting (XSS) attack. This flaw exists because ‘Special:ExpandTemplates’ does not validate input to the ‘wpInput’ parameter before rendering it in raw HTML and returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server. (CVE-2014-9276)
  • A flaw in the ‘wfMangleFlashPolicy()’ function in the ‘OutputHandler.php’ script is triggered when API output that contains ‘cross-domain-policy’ becomes corrupted while being handled by that function. This may allow a remote attacker to more easily bypass intended cross-domain-policy restrictions. (CVE-2014-9277)
Vendor      Product     Version
mediawiki   mediawiki