Red Hat Fedora 15 Red Hat Fedora 14 Red Hat Fedora 13 MediaWiki MediaWiki 1.16.4 Gentoo Linux
MediaWiki MediaWiki 1.16.5
MediaWiki is prone to multiple remote vulnerabilities, including:
1. A cross-site scripting vulnerability.
2. An authentication-bypass vulnerability.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the website, steal cookie-based authentication credentials, and gain unauthorized access to the affected application.
MediaWiki 1.16.4 is vulnerable; other versions may also be affected.
Proof of Concept and Security Exploits
Attackers can exploit these issues through a browser. To exploit a cross-site scripting vulnerability, an attacker must entice an unsuspecting victim to follow a malicious URI.
Solution: Updates are available. Please see the references for more information.