Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2014.0253
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2014-0253)
Zusammenfassung:	The remote host is missing an update for the 'mediawiki' package(s) announced via the MGASA-2014-0253 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'mediawiki' package(s) announced via the MGASA-2014-0253 advisory. Vulnerability Insight: XSS vulnerability in MediaWiki before 1.22.7, due to usernames on Special:PasswordReset being parsed as wikitext. The username on Special:PasswordReset can be supplied by anyone and will be parsed with wgRawHtml enabled. Since Special:PasswordReset is whitelisted by default on private wikis, this could potentially lead to an XSS crossing a privilege boundary (CVE-2014-3966). Affected Software/OS: 'mediawiki' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3966 BugTraq ID: 67787 http://www.securityfocus.com/bid/67787 Debian Security Information: DSA-2957 (Google Search) http://www.debian.org/security/2014/dsa-2957 http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-May/000151.html http://www.openwall.com/lists/oss-security/2014/06/04/15 http://www.securitytracker.com/id/1030364 http://secunia.com/advisories/58834 http://secunia.com/advisories/58896
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.