Test ID:	1.3.6.1.4.1.25623.1.0.805387
Category:	Web application abuses
Title:	MediaWiki 'Language Variants' < 1.19.24, 1.20.x < 1.23.9, 1.24.x < 1.24.2 XSS Vulnerability - Active Check
Summary:	MediaWiki is prone to a cross-site scripting (XSS); vulnerability.
Description:	Summary: MediaWiki is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: The flaw exists because of language is set to a language with variants, then 'wpTextbox1' POST parameter to the 'index.php' script is not validated before returning it to users. Vulnerability Impact: Successful exploitation will allow remote attacker to execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Affected Software/OS: Language variants for Mediawiki versions prior to 1.19.24, 1.20.x prior to 1.23.9 and 1.24.x prior to 1.24.2. Solution: Update to version 1.19.24, 1.23.9 or 1.24.2 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-2933 BugTraq ID: 73477 http://www.securityfocus.com/bid/73477 https://security.gentoo.org/glsa/201510-05 http://www.mandriva.com/security/advisories?name=MDVSA-2015:200 https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html http://www.openwall.com/lists/oss-security/2015/04/01/1 http://www.openwall.com/lists/oss-security/2015/04/07/3
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.