[Pkg-mediawiki-devel] Bug#696179: Bug#696179: Bug#696179: mediawiki-extensions-base: RSS_Reader Javascript injection

Platonides platonides at gmail.com
Mon Dec 17 17:16:55 UTC 2012

http://www.mediawiki.org/wiki/Extension:RSS_Reader seems to live
exclusively at the wiki page, instead of being at a repository.

Injection vulnerabilities are quite common in these kind of extensions.
With a quick glance, it misses to escape the output everywhere.

Just edit the page when fixing the bug.

I don't think it is actively maintained, but you can contact the author

More information about the Pkg-mediawiki-devel mailing list