- CVEs with nessus.description==According to its version number, the instance of MediaWiki running on the remote host is affected by multiple security vulnerabilities :
- A stored cross-site scripting (HTML injection) vulnerability exists because the application fails to sufficiently sanitize user-supplied input submitted to the 'File:' tag of a non-existing image through comments. (CVE-2012-4377)
- Multiple DOM-based cross-site scripting vulnerabilities exist because the application fails to sufficiently sanitize user-supplied input to the 'uselang' parameter and JavaScript gadgets on various language Wikipedias. (CVE-2012-4378)
- A cross-site request forgery (XSRF) vulnerability exists because the application fails to properly validate requests when X-Frame-Options headers are used. (CVE-2012-4379)
- A security-bypass vulnerability exists because the application fails to prevent the account creation for IP addresses blocked with the 'GlobalBlocking' extension. (CVE-2012-4380)
- A security-bypass vulnerability exists because the application fails to prevent the use of old passwords in the external authentication system for non-existing accounts. (CVE-2012-4381)
- An information disclosure occurs when an admin attempts to block a user who has already been blocked. This discloses the block reason to the second admin, regardless of the admin's privileges. (CVE-2012-4382)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |