[Pkg-mediawiki-devel] Bug#501115: CVE-2008-4408: XSS in mediawiki
Steffen Joeris
steffen.joeris at skolelinux.de
Sat Oct 4 08:52:17 UTC 2008
Package: mediawiki
Severity: important
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for mediawiki.
CVE-2008-4408[0]:
Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0,
and possibly other versions before 1.13.2 allows remote attackers
to inject arbitrary web script or HTML via the useskin parameter
to an unspecified component.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
Cheers
Steffen
For further information see:
[0] http://web.nvd.nist.gov/view/vuln/detail?execution=e6s1
http://security-tracker.debian.net/tracker/CVE-2008-4408
More information about the Pkg-mediawiki-devel
mailing list