MediaWiki: Cross-site scripting vulnerability MediaWiki is vulnerable to a cross-site scripting attack that could allow arbitrary JavaScript code execution. mediawiki 2006-04-04 2006-04-04 127971 remote 1.4.15 1.4.15

MediaWiki is a collaborative editing software, used by big projects like Wikipedia.

MediaWiki fails to decode certain encoded URLs correctly.

By supplying specially crafted links, a remote attacker could exploit this vulnerability to inject malicious HTML or JavaScript code that will be executed in a user's browser session in the context of the vulnerable site.

There is no known workaround at this time.

All MediaWiki users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.4.15" CVE-2006-1498 MediaWiki 1.4.15 Release Notes koon koon DerCorny