Why you should upgrade MediaWiki

Reasons to upgrade your MediaWiki installation regularly.


 * MediaWiki HTML Inline Style Attributes Unspecified Cross-Site Scripting Vulnerability

Affects: Versions < 1.5.2

What can happen: "An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks."


 * [MediaWiki-announce] MediaWiki 1.4beta6 released (SECURITY)

Affects: Versions < 1.4beta6

What can happen: "an attacker could craft a URL which, when visited by a particular logged-in user, would execute arbitrary JavaScript code on the user's browser in the wiki's site context."


 * MediaWiki 1.6.6 released (security)

Affects: Versions < 1.6.6

What can happen: "An XSS injection vector in brace replacement has been fixed, as have some potential problems with table parsing. Upgrading is strongly recommended"


 * Any wikis running a 1.5 beta or release candidate are strongly recommended to upgrade to the latest stable release

Affects: Versions < 1.5

What can happen: "a number of bug fixes and a security fix for CSS bugs in Microsoft Internet Explorer as well as a security hole caused by broken validation of the user language option."


 * SUSE: MediaWiki cross-site scripting attack

Affects: SUSE Linux 9.3 and 10.0 with the mediawiki package

What can happen: "Unsafe handling of CSS by Microsoft Internet Explorer could be exploited to produce cross-site scripting attacks via Javascript injection to clients running that browser"


 * National Cyber-Alert System Vulnerability Summary CVE-2005-4501

Affects: Versions < 1.5.4

What can happen: "uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer."


 * http://www.xatrix.org/advisory.php?s=5365