ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0253
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0253)
Resumen:	The remote host is missing an update for the 'mediawiki' package(s) announced via the MGASA-2014-0253 advisory.
Descripción:	Summary: The remote host is missing an update for the 'mediawiki' package(s) announced via the MGASA-2014-0253 advisory. Vulnerability Insight: XSS vulnerability in MediaWiki before 1.22.7, due to usernames on Special:PasswordReset being parsed as wikitext. The username on Special:PasswordReset can be supplied by anyone and will be parsed with wgRawHtml enabled. Since Special:PasswordReset is whitelisted by default on private wikis, this could potentially lead to an XSS crossing a privilege boundary (CVE-2014-3966). Affected Software/OS: 'mediawiki' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3966 BugTraq ID: 67787 http://www.securityfocus.com/bid/67787 Debian Security Information: DSA-2957 (Google Search) http://www.debian.org/security/2014/dsa-2957 http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-May/000151.html http://www.openwall.com/lists/oss-security/2014/06/04/15 http://www.securitytracker.com/id/1030364 http://secunia.com/advisories/58834 http://secunia.com/advisories/58896
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.