Full path disclosure in MediaWiki before 1.20.7, when an invalid language is specified in ResourceLoader (CVE-2013-4301). Several API modules in MediaWiki before 1.20.7 allowed anti-CSRF tokens to be accessed via JSONP (CVE-2013-4302). An issue with the MediaWiki API in MediaWiki before 1.20.7 where an invalid property name could be used for XSS with older versions of Internet Explorer (CVE-2013-4303).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 2 | noarch | mediawiki | <Â 1.20.7-1 | mediawiki-1.20.7-1.mga2 |
Mageia | 3 | noarch | mediawiki | <Â 1.20.7-1 | mediawiki-1.20.7-1.mga3 |