[Pkg-mediawiki-devel] Bug#750527: mediawiki: Javascript inject by anonymous users on private wikis with $wgRawHtml enabled

Henri Salo henri at nerv.fi
Wed Jun 4 06:59:39 UTC 2014

Package: mediawiki
Version: 1:1.19.15+dfsg-2
Severity: normal
Tags: security, fixed-upstream

Needs wgRawHTML enabled so this may not be easy to exploit and might not be
affected by default.

Details of the issue: https://bugzilla.wikimedia.org/show_bug.cgi?id=65501
CVE request: http://www.openwall.com/lists/oss-security/2014/06/03/7

Henri Salo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-mediawiki-devel/attachments/20140604/627ceb77/attachment.sig>

More information about the Pkg-mediawiki-devel mailing list