Test ID:	1.3.6.1.4.1.25623.1.0.804321
Category:	Web application abuses
Title:	Mediawiki < 1.19.12, 1.20.x < 1.21.6, 1.22.x < 1.22.3 Multiple Vulnerabilities (Mar 2014) - Active Check
Summary:	MediaWiki is prone to multiple vulnerabilities.
Description:	Summary: MediaWiki is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - Input passed via 'text' parameter to 'api.php' is not properly sanitised before being returned to the user. - Input to 'includes/upload/UploadBase.php' script is not properly sanitised during the uploading of an SVG namespace. - Error in 'includes/User.php' script in 'theloadFromSession' function. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site and attacker can gain sensitive information. Affected Software/OS: Mediawiki versions 1.19.x prior to 1.19.12, 1.20.x, 1.21.x prior to 1.21.6 and 1.22.x prior to 1.22.3. Solution: Update to version 1.19.12, 1.21.6, 1.22.3 or later. CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-2242 BugTraq ID: 65910 http://www.securityfocus.com/bid/65910 http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html http://openwall.com/lists/oss-security/2014/02/28/1 http://openwall.com/lists/oss-security/2014/03/01/2 Common Vulnerability Exposure (CVE) ID: CVE-2014-2243 Common Vulnerability Exposure (CVE) ID: CVE-2014-2244 BugTraq ID: 65906 http://www.securityfocus.com/bid/65906
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.