MediaWiki SemanticForms XSS Vulnerability (CVE-2015-6732)
Release date:
Updated on: 2015-09-02
Affected Systems:
MediaWiki <1.25.2
MediaWiki <1.24.3
MediaWiki <1.23.10
Description:
CVE (CAN) ID: CVE-2015-6732
MediaWiki is a widely used wiki application that runs on PHP and MySQL.
Multiple cross-site scripting (XSS) vulnerabilities exist in the SemanticForms extension for MediaWiki. They allow remote attackers to inject web script or HTML via the wpSummary parameter in Special:FormEdit, the "Template label (optional)" field in a form, or the name of a field in a template.
<* Source: MediaWiki
*>
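The flaw class described above, shown as an added example that is not SemanticForms code and not part of the original advisory: three user-controlled strings concatenated into form markup, next to the same markup with each value escaped at output. The function names, the HTML layout and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration: simplified stand-ins, not SemanticForms source code.

// Escape a value for use in HTML text or inside a quoted attribute.
function esc(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unsafe pattern: user-controlled strings are placed into markup as-is.
function renderFieldUnsafe(string $label, string $fieldName, string $summary): string {
    return "<label>$label</label>"
        . "<input name=\"$fieldName\">"
        . "<input name=\"wpSummary\" value=\"$summary\">";
}

// Hardened pattern: every value is escaped at the point of output.
function renderFieldSafe(string $label, string $fieldName, string $summary): string {
    return '<label>' . esc($label) . '</label>'
        . '<input name="' . esc($fieldName) . '">'
        . '<input name="wpSummary" value="' . esc($summary) . '">';
}

// Constructed sample inputs standing in for the three values named in the advisory.
$label     = '<script>alert(1)</script>';   // "Template label (optional)" field
$fieldName = 'city" onfocus="alert(1)';     // name of a field in a template
$summary   = '"><script>alert(1)</script>'; // wpSummary request parameter

echo renderFieldUnsafe($label, $fieldName, $summary), "\n\n";

$safe = renderFieldSafe($label, $fieldName, $summary);
echo $safe, "\n";

// Self-check: the hardened output carries no tag from the inputs, and the only
// literal double quotes left are the six written by the template itself.
if (strpos($safe, '<script') !== false || substr_count($safe, '"') !== 6) {
    throw new RuntimeException('escaping failed');
}
```

In MediaWiki code, the core Html::element() helper applies this escaping to attribute values and element contents.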
Suggestion:
Vendor patch:
MediaWiki
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
https://phabricator.wikimedia.org/T103391
https://phabricator.wikimedia.org/T103765
https://phabricator.wikimedia.org/T103761