A user with the ability to upload images can post a link to a malicious image hosted outside of MediaWiki, where JavaScript is injected into the page. A Mediawiki page can be accessed with a malicious link that has XSS and executed code is executed. An attacker can post a link to a malicious image hosted outside of MediaWiki, where JavaScript is injected into the page. A Mediawiki page can be accessed with a malicious link that has XSS and executed code is executed. An attacker can exploit this vulnerability to execute code on the Mediawiki installation. When Mediawiki is used on a website, an attacker may be able to steal login credentials, obtain sensitive information, or manipulate the functionality of the website. CVE-2017-16374 MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1 is vulnerable to a vulnerability that allows an attacker to execute code on the Mediawiki installation. A flaw exists in the way data is sanitised before being stored in the database. An attacker can exploit this to inject malicious code. When Mediawiki is used on a website, an attacker may be able to steal login credentials, obtain sensitive information, or manipulate the functionality of the website. CVE-2017-16382 MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1 is
Overview of the MediaWiki Vulnerabilities
MediaWiki is an open-source wiki software written in PHP and has a large number of users. The MediaWiki software is used by many websites to provide a centralized location for all their content and users to create, edit, or view information on that website.
Timeline
Published on: 12/26/2022 05:15:00 UTC
Last modified on: 01/04/2023 02:04:00 UTC