Test ID:	1.3.6.1.4.1.25623.1.0.902380
Category:	Web application abuses
Title:	MediaWiki < 1.16.5 XSS Vulnerability - Active Check
Summary:	MediaWiki is prone to a cross-site scripting (XSS); vulnerability.
Description:	Summary: MediaWiki is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: The flaw is due to an error when handling the file extension such as '.shtml' at the end of the query string, along with URI containing a '%2E' sequence in place of the .(dot) character. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Affected Software/OS: MediaWiki version prior to 1.16.5. Solution: Update to version 1.16.5 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1765 44684 http://secunia.com/advisories/44684 47722 http://www.securityfocus.com/bid/47722 FEDORA-2011-6774 http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060496.html FEDORA-2011-6775 http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060507.html FEDORA-2011-6781 http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060435.html [mediawiki-announce] 20110505 MediaWiki security release 1.16.5 http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html https://bugzilla.redhat.com/show_bug.cgi?id=702512 https://bugzilla.wikimedia.org/show_bug.cgi?id=28534
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.