Joined: 23 Sep 2003
Location: Sat in front of my computer
|Posted: Tue Jun 14, 2005 5:54 pm Post subject: [ GLSA 200506-12 ] MediaWiki: Cross-site scripting vulnerabi
|Gentoo Linux Security Advisory
Title: MediaWiki: Cross-site scripting vulnerability (GLSA 200506-12)
Date: June 13, 2005
MediaWiki is vulnerable to a cross-site scripting attack that could allow arbitrary scripting code execution.
MediaWiki is a collaborative editing software, used by big projects like Wikipedia.
Vulnerable: < 1.4.5
Unaffected: >= 1.4.5
Unaffected: >= 1.3.13 < 1.3.14
Architectures: All supported architectures
MediaWiki incorrectly handles page template inclusions, rendering it vulnerable to cross-site scripting attacks.
A remote attacker could exploit this vulnerability to inject malicious script code that will be executed in a user's browser session in the context of the vulnerable site.
There is no known workaround at this time.
All MediaWiki users should upgrade to the latest available versions:
|# emerge --sync
# emerge --ask --oneshot --verbose www-apps/mediawiki
MediaWiki 1.4.5 Release Notes
Last edited by GLSA on Sun May 07, 2006 4:57 pm; edited 1 time in total