MediaWiki SyntaxHighlight_GeSHi Extension Cross Site Scripting and Denial of Service Vulnerabilities

The SyntaxHighlight_GeSHi Extension for MediaWiki is prone to a cross-site scripting vulnerability and a denial-of-service vulnerability.

An attacker may leverage these issues to cause a denial-of-service condition or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.


 

Privacy Statement
Copyright 2010, SecurityFocus