Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.0.144681 |
Categoría: | Web application abuses |
Título: | MediaWiki Multiple Vulnerabilities - September20 (Linux) |
Resumen: | MediaWiki is prone to multiple vulnerabilities. |
Descripción: | Summary: MediaWiki is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities were fixed: - SpecialUserrights: If a viewer lacks 'hideuser', ignore hidden users (CVE-2020-25813) - Unescaped message used in HTML on Special:Contributions (CVE-2020-25812) - Unescaped message used in HTML within LogEventsList (CVE-2020-25815) - Prevent invoking firejail's --output functionality (CVE-2020-17367, CVE-2020-17368) - mediawiki.jqueryMsg: Sanitize URLs and 'style' attribute (CVE-2020-25814) - Escape HTML in mw.message( ... ).parse() (CVE-2020-25828) - ActorMigration: Load user from the correct database (CVE-2020-25869) - Ensure actor ID from correct wiki is used (CVE-2020-25869) - TOTP throttle not enforced cross-wiki (CVE-2020-25827) - XSS in the MobileFrontend extension (CVE-2020-26120) - An issue was discovered in the FileImporter extension (CVE-2020-26121) Affected Software/OS: MediaWiki versions before 1.31.10 and 1.34.4. Solution: Update to version 1.31.10, 1.34.4 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-25813 Common Vulnerability Exposure (CVE) ID: CVE-2020-25812 Common Vulnerability Exposure (CVE) ID: CVE-2020-25815 Common Vulnerability Exposure (CVE) ID: CVE-2020-17367 Common Vulnerability Exposure (CVE) ID: CVE-2020-17368 Common Vulnerability Exposure (CVE) ID: CVE-2020-25814 Common Vulnerability Exposure (CVE) ID: CVE-2020-25828 Common Vulnerability Exposure (CVE) ID: CVE-2020-25869 Common Vulnerability Exposure (CVE) ID: CVE-2020-25827 Common Vulnerability Exposure (CVE) ID: CVE-2020-26120 Common Vulnerability Exposure (CVE) ID: CVE-2020-26121 |
Copyright | Copyright (C) 2020 Greenbone Networks GmbH |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |