Description
Multiple serious vulnerabilities have been found in MediaWiki. Malicious users can exploit these vulnerabilities to bypass security restrictions, inject arbitrary code, cause denial of service or obtain sensitive information.
Below is a complete list of vulnerabilities
- Unknown vulnerability can be exploited remotely via a specially designed SVG, PDF, password or entity manipuations;
- XSS vulnerability in CheckUser extension can be exploited remotely via a specially designed request;
- CSRF vulnerability in Scripunto extension can be exploited remotely via an unknown vectors;
- XSS vulnerability can be exploited remotely via a specially designed JS or string;
- Improper entities handle can be exploited remotely via a specially designed SVG file;
- Incomplete blacklist can be exploited remotely via a specially designed XLink or SVG.
Original advisories
Related products
CVE list
- CVE-2015-2941 warning
- CVE-2015-2942 high
- CVE-2015-2932 warning
- CVE-2015-2931 warning
- CVE-2015-2938 warning
- CVE-2015-2937 high
- CVE-2015-2936 high
- CVE-2015-2935 critical
- CVE-2015-2939 warning
- CVE-2015-2940 high
- CVE-2015-2933 warning
- CVE-2015-2934 warning
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!