MediaWiki thumb.php XSS Vulnerability (CVE-2015-6730)
Release date:
Updated on: 2015-09-02
Affected Systems:
MediaWiki <1.25.2
MediaWiki <1.24.3
MediaWiki <1.23.10
Description:
CVE (CAN) ID: CVE-2015-6730
MediaWiki is a widely used wiki application that runs on PHP and MySQL.
In MediaWiki versions earlier than 1.23.10, 1.24.3, and 1.25.2, a cross-site scripting vulnerability in thumb.php allows remote attackers to inject web script or HTML through the f parameter.
<* Source: MediaWiki
*>
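The affected-version list has to be read per release branch: a plain "older than 1.25.2" comparison would wrongly flag a patched 1.24.3 install, and a string comparison would rank 1.23.9 above 1.23.10. The following check is an added example, not code from MediaWiki or from this advisory; the inventory and host names are constructed, and it assumes that branches newer than 1.25 already carry the fix and that pre-release suffixes can be ignored.

```python
import re

# First fixed patch level per branch, taken from the advisory's affected list.
FIXED = {(1, 23): 10, (1, 24): 3, (1, 25): 2}
OLDEST_FIXED_BRANCH = min(FIXED)


def parse_version(text):
    """Parse 'major.minor[.patch]'; any suffix such as '-rc.1' is ignored (assumption)."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError("unrecognised MediaWiki version: %r" % text)
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_affected(version):
    """Return True if this version predates the CVE-2015-6730 fix for its branch."""
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in FIXED:
        # Compare integers so that 1.23.9 sorts before 1.23.10.
        return patch < FIXED[branch]
    # Branches older than 1.23 predate every fixed release.
    # Branches newer than 1.25 are assumed to include the fix.
    return branch < OLDEST_FIXED_BRANCH


def audit(inventory):
    """Return the sorted host names whose MediaWiki version is affected."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory (host name -> version reported by Special:Version).
SAMPLE_INVENTORY = {
    "wiki-a.example": "1.25.1",
    "wiki-b.example": "1.24.3",
    "wiki-c.example": "1.23.9",
    "wiki-d.example": "1.23.10",
    "wiki-e.example": "1.22.15",
}

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print("needs upgrade:", host, SAMPLE_INVENTORY[host])
```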
Suggestion:
Vendor patch:
MediaWiki
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html