Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2015 Greenbone AGOPENVAS:1361412562310806632
HistoryNov 26, 2015 - 12:00 a.m.

MediaWiki Multiple Vulnerabilities -02 (Nov 2015) - Windows

2015-11-2600:00:00
Copyright (C) 2015 Greenbone AG
plugins.openvas.org
12

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.8 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.6%

JSON

MediaWiki is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:mediawiki:mediawiki";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.806632");
  script_version("2024-02-09T05:06:25+0000");
  script_cve_id("CVE-2013-6451", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6472");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_tag(name:"last_modification", value:"2024-02-09 05:06:25 +0000 (Fri, 09 Feb 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2020-01-30 18:32:00 +0000 (Thu, 30 Jan 2020)");
  script_tag(name:"creation_date", value:"2015-11-26 16:21:27 +0530 (Thu, 26 Nov 2015)");
  script_name("MediaWiki Multiple Vulnerabilities -02 (Nov 2015) - Windows");

  script_tag(name:"summary", value:"MediaWiki is prone to multiple vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Multiple flaws exist due to:

  - An error which displays some information about deleted pages in the log
  API, enhanced RecentChanges, and user watchlists.

  - An error in CSS whose sanitization did not filter -o-link attributes.

  - An error leading SVG sanitization to bypass when the XML was considered
  invalid.

  - An error in SVG files upload that could lead to include external stylesheets
  in upload.");

  script_tag(name:"impact", value:"Successful exploitation will allow remote
  attackers to conduct XSS attacks, gain access to sensitive information and
  have other some unspecified impact.");

  script_tag(name:"affected", value:"MediaWiki before 1.19.10, 1.2x before 1.21.4,
  and 1.22.x before 1.22.1 on Windows.");

  script_tag(name:"solution", value:"Upgrade to version 1.19.10 or 1.21.4 or
  1.22.1 or later.");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_xref(name:"URL", value:"https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/65003");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2015 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("secpod_mediawiki_detect.nasl", "os_detection.nasl");
  script_mandatory_keys("mediawiki/installed", "Host/runs_windows");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if(!port = get_app_port(cpe:CPE))
  exit(0);

if(!vers = get_app_version(cpe:CPE, port:port))
  exit(0);

if(version_is_less(version:vers, test_version:"1.19.10")) {
  fix = "1.19.10";
  VULN = TRUE ;
}

else if(version_in_range(version:vers, test_version:"1.20", test_version2:"1.21.3")) {
  fix = "1.21.4";
  VULN = TRUE ;
}

else if(version_is_equal(version:vers, test_version:"1.22.0")) {
  fix = "1.22.1";
  VULN = TRUE ;
}

if(VULN) {
  report = report_fixed_ver(installed_version:vers, fixed_version:fix);
  security_message(port:port, data:report);
  exit(0);
}

exit(99);

Related

openvas 32
fedora 23
mageia 1
nessus 4
securityvulns 2
debian 3
osv 1
debiancve 5
cve 5
ubuntucve 5
prion 5
gentoo 1
openvas
openvas
MediaWiki Multiple Vulnerabilities -02 (Nov 2015) - Linux
2015-11-26 00:00:00
Fedora Update for mediawiki FEDORA-2014-4511
2014-04-10 00:00:00
Fedora Update for mediawiki FEDORA-2014-4478
2014-04-10 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: mediawiki-1.21.5-1.fc19
2014-02-07 03:06:58
[SECURITY] Fedora 20 Update: mediawiki-1.21.5-1.fc20
2014-02-07 03:09:15
[SECURITY] Fedora 20 Update: mediawiki-1.21.10-1.fc20
2014-06-10 03:02:05
mageia
mageia
Updated mediawiki packages fix security vulnerabilities
2014-03-03 00:53:30
nessus
nessus
MediaWiki < 1.19.10 / 1.21.4 / 1.22.1 Multiple Vulnerabilities
2014-02-06 00:00:00
Mandriva Linux Security Advisory : mediawiki (MDVSA-2014:057)
2014-03-14 00:00:00
Debian DSA-2891-1 : mediawiki, mediawiki-extensions Multiple Vulnerabilities
2014-03-31 00:00:00
securityvulns
securityvulns
[ MDVSA-2014:057 ] mediawiki
2014-05-05 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2014-05-05 00:00:00
debian
debian
[SECURITY] [DSA 2891-1] mediawiki security update
2014-03-30 09:25:39
[SECURITY] [DSA 2891-2] mediawiki regression update
2014-03-31 17:07:21
[SECURITY] [DSA 2891-3] mediawiki regression update
2014-04-04 18:02:59
osv
osv
mediawiki - security update
2014-03-30 00:00:00
debiancve
debiancve
CVE-2013-6453
2014-05-12 14:55:00
CVE-2013-6452
2014-05-12 14:55:00
CVE-2013-6451
2020-01-28 15:15:00
cve
cve
CVE-2013-6453
2014-05-12 14:55:00
CVE-2013-6452
2014-05-12 14:55:00
CVE-2013-6454
2014-05-12 14:55:00
ubuntucve
ubuntucve
CVE-2013-6453
2014-05-12 00:00:00
CVE-2013-6452
2014-05-12 00:00:00
CVE-2013-6451
2020-01-28 00:00:00
prion
prion
Design/Logic Flaw
2014-05-12 14:55:00
Information disclosure
2014-05-12 14:55:00
Cross site scripting
2020-01-28 15:15:00
gentoo
gentoo
MediaWiki: Multiple vulnerabilities
2015-02-07 00:00:00

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.8 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.6%

JSON
Related for OPENVAS:1361412562310806632
openvas32fedora23mageia1nessus4securityvulns2debian3osv1debiancve5cve5ubuntucve5prion5gentoo1