Test ID:	1.3.6.1.4.1.25623.1.0.900469
Category:	Web application abuses
Title:	MediaWiki 1.6.x < 1.6.12, 1.12.x < 1.12.4, 1.13.x < 1.13.4 Multiple XSS Vulnerabilities
Summary:	MediaWiki is prone to multiple cross-site scripting (XSS); vulnerabilities.
Description:	Summary: MediaWiki is prone to multiple cross-site scripting (XSS) vulnerabilities. Vulnerability Insight: Multiple flaws are caused as the data supplied by the user via unspecified vectors is not adequately sanitised before being passed into the file 'config/index.php' of MediaWiki. Vulnerability Impact: Successful exploitation will let the attacker include arbitrary HTML or web scripts in the scope of the browser. This may lead to cross site scripting attacks and the attacker may gain sensitive information of the remote user or of the web application. Affected Software/OS: MediaWiki versions 1.6.x prior to 1.6.12, 1.12.x prior to 1.12.4 and 1.13.x prior to 1.13.4. Solution: Update to version 1.6.12, 1.12.4, 1.13.4 or later. CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0737 BugTraq ID: 33681 http://www.securityfocus.com/bid/33681 Debian Security Information: DSA-1901 (Google Search) http://www.debian.org/security/2009/dsa-1901 http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-February/000083.html http://secunia.com/advisories/33881 http://www.vupen.com/english/advisories/2009/0368
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.