MediaWiki Multiple Remote Input Validation Vulnerabilities

MediaWiki is reportedly prone to multiple cross-site scripting, HTML injection, and SQL injection vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input.

HTML injection and cross-site scripting vulnerabilities allow attacker-supplied HTML and script code to be executed in the victim's browser in the context of the affected site.

SQL injection vulnerabilities allow attackers to manipulate SQL queries, potentially revealing or corrupting sensitive database data. These issues may also facilitate attacks against the underlying database software.

These vulnerabilities are reported to exist in MediaWiki version 1.3.5; other versions may also be affected.


 

Copyright 2010, SecurityFocus