MediaWiki Multiple Security Vulnerabilities

MediaWiki is prone to the following security vulnerabilities:

1. Multiple HTML-injection vulnerabilities
2. Multiple cross-site scripting vulnerabilities
3. A cross-site request forgery vulnerability

An attacker can exploit these issues to perform unauthorized actions, execute attacker-supplied HTML or JavaScript code in the context of the affected site, to steal cookie-based authentication credentials. This may aid in further attacks.

Versions prior to MediaWiki 1.23.10, 1.24.3 and 1.25.2 are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus