[Pkg-mediawiki-devel] Bug#685323: Non-persistent XSS vulnerability in contrib script

Steven Chamberlain steven at pyro.eu.org
Tue Aug 21 22:42:54 UTC 2012


tags 685323 = unreproducible upstream security
notfound 685323 geshi/1.0.8.4-1
close 685323 geshi/1.0.8.4-1
thanks

Bug supposedly affected langwiz.php where a leftover var_dump($_GET)
could pose an XSS risk if deployed on a public-facing webserver. [1]

That file does not exist in the source version of php-geshi packaged by
Debian.  It was formerly known as langcheck.php, which is shipped by
php-geshi 1.0.8.4-1 in doc/examples/, but the vulnerability was not
introduced until later.

[1]
http://geshi.svn.sourceforge.net/viewvc/geshi/trunk/geshi-1.0.X/src/contrib/langwiz.php?r1=2508&r2=2507&pathrev=2508

Regards,
-- 
Steven Chamberlain
steven at pyro.eu.org
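
Added example, not part of the original message and not code from GeSHi or Debian: a check a packager could run over an unpacked source tree to find leftover debug dumps of request superglobals, the pattern described above for langwiz.php. The function names and the sample input are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# PHP calls that print a variable's contents into the response body.
DUMP_CALL = re.compile(
    r"\b((?i:var_dump|print_r|var_export|debug_zval_dump))\s*\(\s*"
    r"(\$_(?:GET|POST|REQUEST|COOKIE|SERVER|FILES)\b[^,)]*)"
    r"(\s*,\s*(?i:true)\s*)?\)"
)
RETURNS_STRING = {"print_r", "var_export"}  # with a true 2nd argument these return, not print

def find_debug_dumps(php_source):
    """Return (line_number, call_text) for each printed dump of a request superglobal."""
    hits = []
    for number, line in enumerate(php_source.splitlines(), start=1):
        code = line.strip()
        if code.startswith(("//", "#", "*", "/*")):
            continue  # commented-out debugging is not reachable
        for match in DUMP_CALL.finditer(code):
            name, return_flag = match.group(1).lower(), match.group(3)
            if return_flag and name in RETURNS_STRING:
                continue  # value is returned to the caller, not echoed
            hits.append((number, match.group(0)))
    return hits

def scan_tree(root):
    """Scan every *.php file under root; return {path: hits} for files with findings."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        hits = find_debug_dumps(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample, not the contents of langwiz.php.
SAMPLE = """<?php
var_dump($_GET);
// var_dump($_POST);
$log = print_r($_REQUEST, true);
print_r($_COOKIE['lang']);
echo htmlspecialchars($_GET['q'], ENT_QUOTES, 'UTF-8');
"""

if __name__ == "__main__":
    for path, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for number, call in hits:
            print(f"{path}:{number}: {call}")
```

Run against the unpacked source (including doc/examples/ and contrib/), an empty result for a given version supports a "notfound" marking; any hit still needs manual review.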


