Описание
Multiple serious vulnerabilities have been found in MediaWiki. Malicious users can exploit these vulnerabilities to bypass security restrictions, inject arbitrary code, cause denial of service or obtain sensitive information.
Below is a complete list of vulnerabilities
- Unknown vulnerability can be exploited remotely via a specially designed SVG, PDF, password or entity manipuations;
- XSS vulnerability in CheckUser extension can be exploited remotely via a specially designed request;
- CSRF vulnerability in Scripunto extension can be exploited remotely via an unknown vectors;
- XSS vulnerability can be exploited remotely via a specially designed JS or string;
- Improper entities handle can be exploited remotely via a specially designed SVG file;
- Incomplete blacklist can be exploited remotely via a specially designed XLink or SVG.
Первичный источник обнаружения
Связанные продукты
Список CVE
- CVE-2015-2941 warning
- CVE-2015-2942 high
- CVE-2015-2932 warning
- CVE-2015-2931 warning
- CVE-2015-2938 warning
- CVE-2015-2937 high
- CVE-2015-2936 high
- CVE-2015-2935 warning
- CVE-2015-2939 warning
- CVE-2015-2940 high
- CVE-2015-2933 warning
- CVE-2015-2934 warning
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!