Test ID:	1.3.6.1.4.1.25623.1.0.902070
Category:	Web application abuses
Title:	MediaWiki 1.15.x < 1.15.4, 1.16.x < 1.16 beta 3 XSS and CSRF Vulnerabilities
Summary:	MediaWiki is prone to cross-site scripting (XSS) and cross-site; request forgery (CSRF) vulnerabilities.
Description:	Summary: MediaWiki is prone to cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities. Vulnerability Insight: - A flaw is present while processing crafted Cascading Style Sheets (CSS) strings, which are processed as scripts - An error is present in the 'Special:Userlogin' form, which allows remote attackers to hijack the authentication of users for requests that create accounts or reset passwords. Vulnerability Impact: Successful exploitation will allow remote attackers to inject arbitrary web script or HTML and to hijack the authentication of users. Affected Software/OS: MediaWiki versions 1.15.x prior to 1.15.4 and 1.16.x prior to 1.16 beta 3. Solution: Update to version 1.15.4, 1.16 beta 3 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1647 FEDORA-2010-10779 http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043803.html FEDORA-2010-10848 http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043856.html [MediaWiki-announce] 20100528 MediaWiki security update: 1.15.4 and 1.16.0beta3 http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html https://bugzilla.wikimedia.org/show_bug.cgi?id=23687 Common Vulnerability Exposure (CVE) ID: CVE-2010-1648 https://bugzilla.wikimedia.org/show_bug.cgi?id=23371
Copyright	Copyright (C) 2010 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.