MediaWiki.Parser.Script.Insertion.XSS
Description
This indicates an attack attempt against a cross-site scripting (XSS) vulnerability in MediaWiki.
The vulnerability exists in includes/Sanitizer.php in the variable handler. It is caused by the application's inability to properly sanitize user-supplied input. It may allow a remote attacker to execute arbitrary script.
Affected Products
MediaWiki versions prior to 1.6.6
Impact
Arbitrary Javascript Injection.
Recommended Actions
Upgrade to MediaWiki version 1.6.6:
http://www.mediawiki.org/wiki/Download
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |