[Pkg-mediawiki-devel] Bug#696179: Bug#696179: Bug#696179: mediawiki-extensions-base: RSS_Reader Javascript injection
Platonides
platonides at gmail.com
Mon Dec 17 17:16:55 UTC 2012
http://www.mediawiki.org/wiki/Extension:RSS_Reader seems to live
exclusively at the wiki page, instead of being at a repository.
Injection vulnerabilities are quite common in these kind of extensions.
With a quick glance, it misses to escape the output everywhere.
Just edit the page when fixing the bug.
I don't think it is actively maintained, but you can contact the author
http://www.mediawiki.org/wiki/User:DFRussia
More information about the Pkg-mediawiki-devel
mailing list