MediaWiki Encoded Page Link HTML Injection Vulnerability

Bugtraq ID:	17269
Class:	Input Validation Error
CVE:	CVE-2006-1498
Remote:	Yes
Local:	No
Published:	Mar 27 2006 12:00AM
Updated:	Apr 04 2006 08:43PM
Credit:	The vendor reported this vulnerability.
Vulnerable:	S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 MediaWiki MediaWiki 1.5.7 MediaWiki MediaWiki 1.4.14 Gentoo Linux
Not Vulnerable:	MediaWiki MediaWiki 1.5.8 MediaWiki MediaWiki 1.4.15

MediaWiki Encoded Page Link HTML Injection Vulnerability

MediaWiki is prone to an HTML-injection vulnerability. This issue is due to a lack of proper sanitization of user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

MediaWiki Encoded Page Link HTML Injection Vulnerability

This issue can be exploited via a web client.

MediaWiki Encoded Page Link HTML Injection Vulnerability

Solution:

The vendor has released versions 1.5.8 and 1.4.15 to address this issue.


MediaWiki MediaWiki 1.4.14

• MediaWiki mediawiki-1.4.15.tar.gz
  http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.4.15.tar.gz

MediaWiki MediaWiki 1.5.7

• MediaWiki mediawiki-1.5.8.tar.gz
  http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.5.8.tar.gz

MediaWiki Encoded Page Link HTML Injection Vulnerability

References:

• HTML injection in encoded page links (MediaWiki)
  
• MediaWiki Homepage (MediaWiki)