VuXML ID | Description |
3fadb7c6-7b0a-11e0-89b4-001ec9578670 | mediawiki -- multiple vulnerabilities
Mediawiki reports:
(Bug 28534) XSS vulnerability for IE 6 clients. This is the
third attempt at fixing bug 28235.
(Bug 28639) Potential privilege escalation when
$wgBlockDisablesLogin is enabled.
Discovery 2011-04-14 Entry 2011-05-12 mediawiki
< 1.16.5
https://bugzilla.wikimedia.org/show_bug.cgi?id=28534
https://bugzilla.wikimedia.org/show_bug.cgi?id=28639
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_5/phase3/RELEASE-NOTES
|
61b07d71-ce0e-11dd-a721-0030843d3802 | mediawiki -- multiple vulnerabilities
The MediaWiki development team reports:
Certain unspecified input is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.
Certain unspecified input related to uploads is not properly
sanitised before being used. This can be exploited to inject arbitrary
HTML and script code, which will be executed in a user's browser
session in context of an affected site when malicious data is
opened. Successful exploitation may require that uploads are enabled
and the victim uses an Internet Explorer based browser.
Certain SVG scripts are not properly sanitised before being used.
This can be exploited to inject arbitrary HTML and script code, which
will be executed in a user's browser session in context of an affected
site when malicious data is opened. Successful exploitation may require
that SVG uploads are enabled and the victim uses a browser supporting SVG
scripting.
The application allows users to perform certain actions via HTTP
requests without performing any validity checks to verify the
requests. This can be exploited to perform certain operations when a
logged in user visits a malicious site.
Discovery 2008-12-15 Entry 2008-12-19 mediawiki
gt 1.6.0 lt 1.6.11
gt 1.12.0 lt 1.12.3
gt 1.13.0 lt 1.13.3
CVE-2008-5249
CVE-2008-5250
CVE-2008-5252
http://secunia.com/advisories/33133/
http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html
|
694da5b4-5877-11df-8d80-0015587e2cc1 | mediawiki -- authenticated CSRF vulnerability
A MediaWiki security announcement reports:
MediaWiki was found to be vulnerable to login CSRF.
An attacker who controls a user account on the target
wiki can force the victim to log in as the attacker,
via a script on an external website.
If the wiki is configured to allow user scripts, say
with "$wgAllowUserJs = true" in LocalSettings.php, then
the attacker can proceed to mount a phishing-style
attack against the victim to obtain their password.
Discovery 2010-04-07 Entry 2010-05-05 mediawiki
< 1.15.3
CVE-2010-1150
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html
https://bugzilla.wikimedia.org/show_bug.cgi?id=23076
|
74b7403c-c4d5-11da-b2fb-000e0c2e438a | mediawiki -- cross site scripting vulnerability
The mediawiki development team reports that there is a cross
site scripting vulnerability within mediawiki. The
vulnerability is caused by improper checking of encoded
links which could allow the injection of html in the output
generated by mediawiki. This could lead to cross site
scripting attacks against mediawiki installations.
Discovery 2006-03-27 Entry 2006-04-05 mediawiki
ge 1.4 lt 1.4.14
ge 1.5 lt 1.5.7
17269
CVE-2006-1498
http://mail.wikipedia.org/pipermail/mediawiki-announce/2006-March/000040.html
|
7c0fecd6-f42f-11e1-b17b-000c2977ec30 | mediawiki -- multiple vulnerabilities
Mediawiki reports:
(Bug 39700) Wikipedia administrator Writ Keeper discovered
a stored XSS (HTML injection) vulnerability. This was
possible due to the handling of link text on File: links for
nonexistent files. MediaWiki 1.16 and later is affected.
(Bug 39180) User Fomafix reported several DOM-based XSS
vulnerabilities, made possible by a combination of loose
filtering of the uselang parameter, and JavaScript gadgets
on various language Wikipedias.
(Bug 39180) During internal review, it was discovered that
CSRF tokens, available via the api, were not protected with
X-Frame-Options headers. This could lead to a CSRF vulnerability
if the API response is embedded in an external website using
an iframe.
(Bug 39824) During internal review, it was discovered extensions
were not always allowed to prevent the account creation action.
This allowed users blocked by the GlobalBlocking extension to
create accounts.
(Bug 39184) During internal review, it was discovered that
password data was always saved to the local MediaWiki database
even if authentication was handled by an extension, such as LDAP.
This could allow a compromised MediaWiki installation to leak
information about users' LDAP passwords. Additionally, in situations
when an authentication plugin returned false in its strict
function, this would allow old passwords to be used for accounts
that did not exist in the external system, indefinitely.
(Bug 39823) During internal review, it was discovered that metadata
about blocks, hidden by a user with suppression rights, was visible
to administrators.
Discovery 2012-08-27 Entry 2012-09-01 mediawiki
ge 1.19 lt 1.19.2
ge 1.18 lt 1.18.5
https://bugzilla.wikimedia.org/show_bug.cgi?id=39700
https://bugzilla.wikimedia.org/show_bug.cgi?id=37587
https://bugzilla.wikimedia.org/show_bug.cgi?id=39180
https://bugzilla.wikimedia.org/show_bug.cgi?id=39824
https://bugzilla.wikimedia.org/show_bug.cgi?id=39184
https://bugzilla.wikimedia.org/show_bug.cgi?id=39823
CVE-2012-4377
CVE-2012-4378
CVE-2012-4379
CVE-2012-4380
CVE-2012-4381
CVE-2012-4382
|
8d04cfbd-344d-11e0-8669-0025222482c5 | mediawiki -- multiple vulnerabilities
Mediawiki reports:
An arbitrary script inclusion vulnerability was discovered. The
vulnerability only allows execution of files with names ending in
".php" which are already present in the local filesystem. Only servers
running Microsoft Windows and possibly Novell Netware are affected.
Despite these mitigating factors, all users are advised to upgrade,
since there is a risk of complete server compromise. MediaWiki 1.8.0
and later is affected.
Security researcher mghack discovered a CSS injection
vulnerability. For Internet Explorer and similar browsers, this is
equivalent to an XSS vulnerability, that is to say, it allows the
compromise of wiki user accounts. For other browsers, it allows private
data such as IP addresses and browsing patterns to be sent to a malicious
external web server. It affects all versions of MediaWiki. All users are
advised to upgrade.
Discovery 2011-02-01 Entry 2011-02-09 mediawiki
< 1.16.2
CVE-2011-0047
https://bugzilla.wikimedia.org/show_bug.cgi?id=27094
https://bugzilla.wikimedia.org/show_bug.cgi?id=27093
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_2/phase3/RELEASE-NOTES
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html
|
99015cf5-c4dd-11da-b2fb-000e0c2e438a | mediawiki -- hardcoded placeholder string security bypass vulnerability
The mediawiki development team reports a vulnerability
within the mediawiki application. The vulnerability is
caused by improper checking of inline style attributes. This
could result in the execution of arbitrary javascript code in
Microsoft Internet Explorer. It appears that other browsers
are not affected by this vulnerability.
Discovery 2005-12-22 Entry 2006-04-05 mediawiki
< 1.5.4
16032
CAN-2005-4501
http://sourceforge.net/project/shownotes.php?release_id=379951
|
c9c14242-6843-11dc-82b6-02e0185f8d72 | mediawiki -- cross site scripting vulnerability
The MediaWiki development team reports:
A possible HTML/XSS injection vector in the API
pretty-printing mode has been found and fixed.
The vulnerability may be worked around in an unfixed version
by simply disabling the API interface if it is not in use, by
adding this to LocalSettings.php:
$wgEnableAPI = false;
(This is the default setting in 1.8.x.)
Discovery 2007-09-10 Entry 2007-09-21 Modified 2007-10-10 mediawiki
gt 1.10.0 lt 1.10.2
gt 1.9.0 lt 1.9.4
gt 1.8.0 lt 1.8.5
CVE-2007-4828
http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-September/000067.html
|
e177c410-1943-11e0-9d1c-000c29ba66d2 | mediawiki -- Clickjacking vulnerabilities
Clickjacking vulnerabilities:
Clickjacking is a type of vulnerability discovered in 2008, which
is similar to CSRF. The attack involves displaying the target webpage
in an iframe embedded in a malicious website. Using CSS, the submit button
of the form on the target webpage is made invisible, and then overlaid
with some button or link on the malicious website that encourages
the user to click on it.
Discovery 2011-01-04 Entry 2011-01-06 mediawiki
gt 1.16 lt 1.16.1
gt 1.15 lt 1.15.5_1
https://bugzilla.wikimedia.org/show_bug.cgi?id=26561
|
fc55e396-6deb-11df-8b8e-000c29ba66d2 | mediawiki -- two security vulnerabilities
Two security vulnerabilities were discovered:
Noncompliant CSS parsing behaviour in Internet Explorer
allows attackers to construct CSS strings which are treated
as safe by previous versions of MediaWiki, but are decoded
to unsafe strings by Internet Explorer.
A CSRF vulnerability was discovered in our login interface.
Although regular logins are protected as of 1.15.3, it was
discovered that the account creation and password reset
features were not protected from CSRF. This could lead
to unauthorised access to private wikis.
Discovery 2010-05-28 Entry 2010-06-02 mediawiki
< 1.15.4
http://secunia.com/advisories/39922/
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
|