
MediaWiki < 1.19.18 / 1.22.9 / 1.23.2 Multiple Vulnerabilities

Description

According to its version number, the instance of MediaWiki running on the remote host is affected by the following vulnerabilities:

- A flaw exists due to comments not being prepended to the JSONP callbacks. This allows a remote attacker, using a specially crafted SWF file, to perform a cross-site request forgery attack. (CVE-2014-5241)

- A cross-site scripting vulnerability exists within the 'mediawiki.page.image.pagination.js' script due to a failure to validate user-supplied input when the function 'ajaxifyPageNavigation' calls 'loadPage'. This allows a remote attacker, using a specially crafted request, to execute arbitrary script code within the trust relationship between the browser and server. (CVE-2014-5242)

- A flaw exists with the iFrame protection mechanism, related to 'OutputPage' and 'ParserOutput', which allows a remote attacker to conduct a clickjacking attack. (CVE-2014-5243)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

