Debian Security Advisory DSA 2366-1 (mediawiki)

The remote host is missing an update to mediawiki announced via advisory DSA 2366-1. OpenVAS Vulnerability Test $Id: deb23661.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2366-1 mediawiki Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

CVE-2011-1580

The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request...

DEBIAN-CVE-2011-1580

The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request...

CVE-2011-1580

The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request...

Cross site request forgery (csrf)

The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request...

MediaWiki 1.16.3之前版本存在多个远程漏洞

Bugtraq ID: 47354 MediaWiki是一套以GPL授权发行的Wiki引擎。 MediaWiki存在多个安全漏洞，允许恶意用户进行跨站脚本攻击和绕过部分安全限制。 -应用程序不正确防止部分浏览器如Internet Explorer 6基于查询URL结尾来猜测内容类型，可被利用注入和执行HTML，在目标用户浏览器上执行任意脚本代码。 -通过CSS评注传递的输入在显示给用户之前，wikitext解析器没有对其进行过滤，可被利用注入和执行HTML，在目标用户浏览器上执行任意脚本代码。 -transwiki导入功能没有正确限制表单发送访问，可被利用执行未授权远程资源导入。...