FS#42161 - [mediawiki] CVE-2014-7199
Attached to Project:
Community Packages
Opened by Levente Polyak (anthraxx) - Sunday, 28 September 2014, 15:24 GMT
Last edited by Sergej Pupykin (sergej) - Monday, 29 September 2014, 10:18 GMT
Details
Hello,
mediawiki <= 1.23.3 is vulnerable to a cross site scripting bug [0][1][2]. It was discovered that MediaWiki, a wiki engine, did not sufficiently filter CSS in uploaded SVG files, allowing for cross site scripting.
[0] https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-September/000161.html
[1] http://seclists.org/oss-sec/2014/q3/774
[2] https://bugzilla.wikimedia.org/show_bug.cgi?id=69008
Closed by Sergej Pupykin (sergej)
Monday, 29 September 2014, 10:18 GMT
Reason for closing: Fixed
Additional comments about closing: updated to 1.23.4
A fix for this flaw has been committed upstream and is resolved in mediawiki >= 1.23.4 [0]
[0] https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-September/000161.html