GLSA Bodhisattva
Posted: Tue Jun 14, 2005 5:54 pm Post subject: [ GLSA 200506-12 ] MediaWiki: Cross-site scripting vulnerabi
Gentoo Linux Security Advisory
Title: MediaWiki: Cross-site scripting vulnerability (GLSA 200506-12)
Severity: low
Exploitable: remote
Date: June 13, 2005
Bug(s): #95255
ID: 200506-12
Synopsis
MediaWiki is vulnerable to a cross-site scripting attack that could allow arbitrary scripting code execution.
Background
MediaWiki is collaborative editing software used by large projects such as Wikipedia.
Affected Packages
Package: www-apps/mediawiki
Vulnerable: < 1.4.5
Unaffected: >= 1.4.5
Unaffected: >= 1.3.13 < 1.3.14
Architectures: All supported architectures
Description
MediaWiki incorrectly handles page template inclusions, rendering it vulnerable to cross-site scripting attacks.
Impact
A remote attacker could exploit this vulnerability to inject malicious script code that will be executed in a user's browser session in the context of the vulnerable site.
Workaround
There is no known workaround at this time.
Resolution
All MediaWiki users should upgrade to the latest available versions:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose www-apps/mediawiki
References
MediaWiki 1.4.5 Release Notes
Last edited by GLSA on Sun May 07, 2006 4:57 pm; edited 1 time in total