[Pkg-mediawiki-devel] Bug#685323: Non-persistent XSS vulnerability in contrib script

Steven Chamberlain steven at pyro.eu.org
Tue Aug 21 22:42:54 UTC 2012

tags 685323 = unreproducible upstream security
notfound 685323 geshi/
close 685323 geshi/

Bug supposedly affected langwiz.php where a leftover var_dump($_GET)
could pose an XSS risk if deployed on a public-facing webserver. [1]

That file does not exist in the source version of php-geshi packaged by
Debian.  It was formerly known as langcheck.php, which is shipped by
php-geshi in doc/examples/, but the vulnerability was not
introduced until later.


Steven Chamberlain
steven at pyro.eu.org
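
An added example, not part of the original message or of GeSHi: a heuristic source scan for the pattern the report describes, a debug dump such as var_dump($_GET) that writes request data into the response unescaped. The function names and the sample PHP are constructed for illustration; the regexes do not parse PHP string literals, so treat hits as leads to review.

```python
import re

# PHP functions that print a value into the response with no HTML escaping.
DUMP_FUNCS = ("var_dump", "print_r", "var_export", "debug_zval_dump")
# These two return a string instead of printing when the 2nd argument is true.
RETURN_MODE = ("print_r", "var_export")
CALL_RE = re.compile(r"\b(%s)\s*\(" % "|".join(DUMP_FUNCS))
SUPERGLOBAL_RE = re.compile(r"\$(_GET|_POST|_REQUEST|_COOKIE|_SERVER)\b")
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)

def strip_comments(src):
    """Blank out comments, keeping newlines so line numbers stay correct."""
    return COMMENT_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), src)

def call_args(src, open_idx):
    """Return the text between the '(' at open_idx and its matching ')'."""
    depth = 0
    for i in range(open_idx, len(src)):
        if src[i] == "(":
            depth += 1
        elif src[i] == ")":
            depth -= 1
            if depth == 0:
                return src[open_idx + 1:i]
    return src[open_idx + 1:]  # unbalanced call: take the rest of the file

def find_request_dumps(src):
    """List (line, function, superglobal) for each dump of request data."""
    clean = strip_comments(src)
    findings = []
    for m in CALL_RE.finditer(clean):
        args = call_args(clean, m.end() - 1)
        hit = SUPERGLOBAL_RE.search(args)
        if not hit:
            continue
        if m.group(1) in RETURN_MODE and re.search(r",\s*(true|1)\s*$", args, re.I):
            continue  # value is returned to the caller, not echoed
        line = clean.count("\n", 0, m.start()) + 1
        findings.append((line, m.group(1), hit.group(0)))
    return findings

# Constructed sample input, not taken from langwiz.php or langcheck.php.
SAMPLE = """<?php
// var_dump($_GET);  commented out, must not be reported
$lang = isset($_GET['lang']) ? $_GET['lang'] : 'php';
var_dump($_GET);
error_log(print_r($_POST, true));
print_r($_REQUEST['q']);
"""
if __name__ == "__main__":
    print(find_request_dumps(SAMPLE))
```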
