Reasons for upgrading your MediaWiki regularly.
Affects: Versions < 1.5.2
What can happen: "An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks."
- [MediaWiki-announce] MediaWiki 1.4beta6 released (SECURITY)
Affects: Versions < 1.4beta6
What can happen: "an attacker could craft a URL which, when visited by a particular logged-in user, would execute arbitrary JavaScript code on the user's browser in the wiki's site context."
Affects: Versions < 1.6.6
What can happen: "An XSS injection vector in brace replacement has been fixed, as have some potential problems with table parsing. Upgrading is strongly recommended"
Affects: Versions < 1.5
What can happen: "a number of bug fixes and a security fix for CSS bugs in Microsoft Internet Explorer as well as a security hole caused by broken validation of the user language option."
Affects: SUSE Linux 9.3 and 10.0 with the mediawiki package
What can happen: "Unsafe handling of CSS by Microsoft Internet Explorer could be exploited to produce cross-site scripting attacks via Javascript injection to clients running that browser"
Affects: Versions < 1.5.4
What can happen: "uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer."
- [http://www.skillzdesign.com/mwiki/RELEASE-NOTES MediaWiki 1.6.8]
Affects: Versions < 1.6.8
What can happen: "A potential HTML/JavaScript-injection vulnerability in a debugging script has been fixed. Only versions and configurations of PHP vulnerable to the $GLOBALS overwrite vulnerability are affected."
- http://www.xatrix.org/advisory.php?s=5365
- http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-06/0098.html
- http://archive.cert.uni-stuttgart.de/archive/bugtraq/2005/03/msg00035.html