MediaWiki Multiple Security Vulnerabilities

Bugtraq ID:	52689
Class:	Input Validation Error
CVE:	CVE-2012-1578 CVE-2012-1579 CVE-2012-1580 CVE-2012-1581 CVE-2012-1582 CVE-2012-4885
Remote:	Yes
Local:	No
Published:	Mar 22 2012 12:00AM
Updated:	Mar 19 2015 07:35AM
Credit:	Sam Reed, Brion Vibber, Jan Schejbal, George Argyros and Aggelos Kiayias and Bawolff Bawolff
Vulnerable:	MediaWiki Mediawiki 1.18.1
Not Vulnerable:	MediaWiki Mediawiki 1.18.2

MediaWiki Multiple Security Vulnerabilities

MediaWiki is prone to a cross-site scripting vulnerability, a PRNG seed vulnerability, and multiple cross-site request-forgery vulnerabilities.

An attacker can exploit these issues to perform unauthorized actions in the context of a user's session or execute arbitrary script code in the context of the vulnerable application, potentially allowing the attacker to steal cookie-based authentication credentials.

MediaWiki Multiple Security Vulnerabilities

An attacker must trick an unsuspecting victim into following a malicious URI to exploit these issues.

MediaWiki Multiple Security Vulnerabilities

Solution:
Vendor updates are available. Please see the references for more information.

MediaWiki Multiple Security Vulnerabilities

References:

• MediaWiki Homepage (MediaWiki)
  
• [Wikitech-l] MediaWiki security and maintenance release 1.18.2 (Sam Reed)