FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mediawiki -- cross site scripting vulnerability

Affected packages
1.4 <= mediawiki < 1.4.14
1.5 <= mediawiki < 1.5.7


VuXML ID 74b7403c-c4d5-11da-b2fb-000e0c2e438a
Discovery 2006-03-27
Entry 2006-04-05

The mediawiki development team reports that there is an site scripting vulnerability within mediawiki. The vulnerability is caused by improper checking of encoded links which could allow the injection of html in the output generated by mediawiki. This could lead to cross site scripting attacks against mediawiki installations.


Bugtraq ID 17269
CVE Name CVE-2006-1498