MediaWiki Multiple XSS vulnerabilities

Overview :
New vulnerabilities discovered in MediaWiki
Affected Product(s) :
  • MediaWiki before 1.19.4 and 1.20.x before 1.20.3
Vulnerability Details :
CVE ID : CVE-2013-1817
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.
CVE ID : CVE-2013-1816
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request.

Remediation / Fixes :

All MediaWiki 1.21.x users should upgrade to the latest version :

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.21.2"

All MediaWiki 1.20.x users should upgrade to the latest version :

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.20.7"

All MediaWiki 1.19.x users should upgrade to the latest version :

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.19.8"

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-9473 : PALO ALTO GLOBALPROTECT APP UP TO 5.1/6.1/6.2.4/6.3 ON WINDOWS REPAIR UNNECESSARY PRIVILEGES

CVE-2024-9473 : PALO ALTO GLOBALPROTECT APP UP TO 5.1/6.1/6.2.4/6.3 ON WINDOWS REPAIR UNNECESSARY PRIVILEGES

Description A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows

CVE-2024-9463 : PALO ALTO EXPEDITION UP TO 1.2.95 DEVICE CONFIGURATION OS COMMAND INJECTION

CVE-2024-9463 : PALO ALTO EXPEDITION UP TO 1.2.95 DEVICE CONFIGURATION OS COMMAND INJECTION

Description An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands

CVE-2024-47763 : BYTECODEALLIANCE WASMTIME UP TO 21.0.1/22.0.0/23.0.2/24.0.0/25.0.1 CONTROL FLOW

CVE-2024-47763 : BYTECODEALLIANCE WASMTIME UP TO 21.0.1/22.0.0/23.0.2/24.0.0/25.0.1 CONTROL FLOW

Description Wasmtime is an open source runtime for WebAssembly. Wasmtime’s implementation of WebAssembly tail calls combined with stack traces can