CVE-2008-1318

Name of the Vulnerable Software and Affected Versions MediaWiki versions 1.11 through 1.11.1

Description The issue allows remote attackers to obtain sensitive cross-site information via the callback parameter in an API call for JavaScript Object Notation (JSON) formatted results.

Recommendations For MediaWiki versions 1.11 through 1.11.1, update to version 1.11.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the API endpoint that handles JSON formatted results until the update is applied. Avoid using the callback parameter in API calls for JSON formatted results until the issue is resolved.