Gentoo Logo

MediaWiki: Cross-site scripting vulnerability

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200506-12 / mediawiki
Release Date June 13, 2005
Latest Revision June 13, 2005: 01
Impact low
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
www-apps/mediawiki < 1.4.5 >= 1.4.5, revision >= 1.3.13 All supported architectures

Related bugreports: #95255

Synopsis

MediaWiki is vulnerable to a cross-site scripting attack that could allow arbitrary scripting code execution.

2.  Impact Information

Background

MediaWiki is a collaborative editing software, used by big projects like Wikipedia.

Description

MediaWiki incorrectly handles page template inclusions, rendering it vulnerable to cross-site scripting attacks.

Impact

A remote attacker could exploit this vulnerability to inject malicious script code that will be executed in a user's browser session in the context of the vulnerable site.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All MediaWiki users should upgrade to the latest available versions:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose www-apps/mediawiki

4.  References

Print

Updated June 13, 2005

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Support OSL

Support OSL

Gentoo Centric Hosting: vr.org

VR Hosted

Tek Alchemy

Tek Alchemy

SevenL.net

SevenL.net

Global Netoptex Inc.

Global Netoptex Inc.

Bytemark

Bytemark
Copyright 2001-2008 Gentoo Foundation, Inc. Questions, Comments? Contact us.