Lucene search
GoogleOSV:DSA-2957-1HistoryJun 12, 2014 - 12:00 a.m.
mediawiki - security update
2014-06-1200:00:00
Google
osv.dev
6
0.003 Low
EPSS
Percentile
69.3%
Omer Iqbal discovered that Mediawiki, a wiki engine, parses invalid
usernames on Special:PasswordReset as wikitext when $wgRawHtml is
enabled. On such wikis this allows an unauthenticated attacker to
insert malicious JavaScript, a cross site scripting attack.
For the stable distribution (wheezy), this problem has been fixed in
version 1:1.19.16+dfsg-0+deb7u1.
For the unstable distribution (sid), this problem has been fixed in
version 1:1.19.16+dfsg-1.
We recommend that you upgrade your mediawiki packages.
References
Related
nessus
nessus
Debian DSA-2957-1 : mediawiki - security update
2014-06-13 00:00:00
MediaWiki < 1.19.16 / 1.21.10 / 1.22.7 'Special:PasswordReset' XSS
2014-06-19 00:00:00
Mandriva Linux Security Advisory : mediawiki (MDVSA-2014:119)
2014-06-11 00:00:00
mageia
mageia
Updated mediawiki packages fix security vulnerability
2014-06-06 10:08:57
debiancve
debiancve
CVE-2014-3966
2014-06-06 14:55:05
securityvulns
securityvulns
[SECURITY] [DSA 2957-1] mediawiki security update
2014-06-14 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-2957-1)
2014-06-11 00:00:00
Debian Security Advisory DSA 2957-1 (mediawiki - security update)
2014-06-12 00:00:00
Mageia: Security Advisory (MGASA-2014-0253)
2022-01-28 00:00:00
prion
prion
Cross site scripting
2014-06-06 14:55:00
nvd
nvd
CVE-2014-3966
2014-06-06 14:55:05
ubuntucve
ubuntucve
CVE-2014-3966
2014-06-06 00:00:00
cve
cve
CVE-2014-3966
2014-06-06 14:55:05
cvelist
cvelist
CVE-2014-3966
2014-06-06 14:00:00
debian
debian
[SECURITY] [DSA 2957-1] mediawiki security update
2014-06-12 17:59:07