VuXML ID | Description |
8d04cfbd-344d-11e0-8669-0025222482c5 | mediawiki -- multiple vulnerabilities
Medawiki reports:
An arbitrary script inclusion vulnerability was discovered. The
vulnerability only allows execution of files with names ending in
".php" which are already present in the local filesystem. Only servers
running Microsoft Windows and possibly Novell Netware are affected.
Despite these mitigating factors, all users are advised to upgrade,
since there is a risk of complete server compromise. MediaWiki 1.8.0
and later is affected.
Security researcher mghack discovered a CSS injection
vulnerability. For Internet Explorer and similar browsers, this is
equivalent to an XSS vulnerability, that is to say, it allows the
compromise of wiki user accounts. For other browsers, it allows private
data such as IP addresses and browsing patterns to be sent to a malicious
external web server. It affects all versions of MediaWiki. All users are
advised to upgrade.
Discovery 2011-02-01 Entry 2011-02-09 mediawiki
< 1.16.2
CVE-2011-0047
https://bugzilla.wikimedia.org/show_bug.cgi?id=27094
https://bugzilla.wikimedia.org/show_bug.cgi?id=27093
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_2/phase3/RELEASE-NOTES
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html
|
694da5b4-5877-11df-8d80-0015587e2cc1 | mediawiki -- authenticated CSRF vulnerability
A MediaWiki security announcement reports:
MediaWiki was found to be vulnerable to login CSRF.
An attacker who controls a user account on the target
wiki can force the victim to log in as the attacker,
via a script on an external website.
If the wiki is configured to allow user scripts, say
with "$wgAllowUserJs = true" in LocalSettings.php, then
the attacker can proceed to mount a phishing-style
attack against the victim to obtain their password.
Discovery 2010-04-07 Entry 2010-05-05 mediawiki
< 1.15.3
CVE-2010-1150
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html
https://bugzilla.wikimedia.org/show_bug.cgi?id=23076
|
fc55e396-6deb-11df-8b8e-000c29ba66d2 | mediawiki -- two security vulnerabilities
Two security vulnerabilities were discovered:
Noncompliant CSS parsing behaviour in Internet Explorer
allows attackers to construct CSS strings which are treated
as safe by previous versions of MediaWiki, but are decoded
to unsafe strings by Internet Explorer.
A CSRF vulnerability was discovered in our login interface.
Although regular logins are protected as of 1.15.3, it was
discovered that the account creation and password reset
reset features were not protected from CSRF. This could lead
to unauthorised access to private wikis.
Discovery 2010-05-28 Entry 2010-06-02 mediawiki
< 1.15.4
http://secunia.com/advisories/39922/
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
|
61b07d71-ce0e-11dd-a721-0030843d3802 | mediawiki -- multiple vulnerabilities
The MediaWiki development team reports:
Certain unspecified input is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.
Certain unspecified input related to uploads is not properly
sanitised before being used. This can be exploited to inject arbitrary
HTML and script code, which will be executed in a user's browser
session in context of an affected site when a malicious data is
opened. Successful exploitation may require that uploads are enabled
and the victim uses an Internet Explorer based browser.
Certain SVG scripts are not properly sanitised before being used.
This can be exploited to inject arbitrary HTML and script code, which
will be executed in a user's browser session in context of an affected
site when a malicious data is opened. Successful exploitation may require
that SVG uploads are enabled and the victim uses a browser supporting SVG
scripting.
The application allows users to perform certain actions via HTTP
requests without performing any validity checks to verify the
requests. This can be exploited to perform certain operations when a
logged in user visits a malicious site.
Discovery 2008-12-15 Entry 2008-12-19 mediawiki
gt 1.6.0 lt 1.6.11
gt 1.12.0 lt 1.12.3
gt 1.13.0 lt 1.13.3
CVE-2008-5249
CVE-2008-5250
CVE-2008-5252
http://secunia.com/advisories/33133/
http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html
|
3fadb7c6-7b0a-11e0-89b4-001ec9578670 | mediawiki -- multiple vulnerabilities
Mediawiki reports:
(Bug 28534) XSS vulnerability for IE 6 clients. This is the
third attempt at fixing bug 28235.
(Bug 28639) Potential privilege escalation when
$wgBlockDisablesLogin is enabled.
Discovery 2011-04-14 Entry 2011-05-12 mediawiki
< 1.16.5
https://bugzilla.wikimedia.org/show_bug.cgi?id=28534
https://bugzilla.wikimedia.org/show_bug.cgi?id=28639
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_5/phase3/RELEASE-NOTES
|