5719 matches found
Cross site scripting
The 1 Special:Preferences and 2 Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting XSS attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying...
CVE-2014-7295
The 1 Special:Preferences and 2 Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting XSS attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying...
CVE-2014-7295
The 1 Special:Preferences and 2 Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting XSS attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying...
CVE-2014-7295
The 1 Special:Preferences and 2 Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting XSS attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying...
Updated mediawiki packages fix security vulnerbilities
Updated mediawiki packages fix security vulnerability: MediaWiki before 1.23.4 is vulnerable to cross-site scripting due to JavaScript injection via CSS in uploaded SVG files CVE-2014-7199. MediaWiki before 1.23.5 is vulnerable to cross-site scripting due to JavaScript injection via user-specific...
HttpCombiner ASP.NET - Remote File Disclosure
HttpCombiner ASP.NET - Remote File Disclosure Exploit Title: HttpCombiner ASP.NET Remote File Disclosure Vulnerability Google Dork: filetype:txt intext:HttpCombiner.ashx Date: 2014-10-10 Exploit Author: Hoang Anh Thai Vendor Homepage:...
MediaWiki < 1.19.19 / 1.22.11 / 1.23.4 SVG Upload and CSS XSS
According to its version number, the MediaWiki application running on the remote host is affected by an input validation error related to SVG file upload handling and CSS content filtering that can lead to cross-site scripting XSS attacks. Note that Nessus has not tested for this issue but has...
Fedora 19 : mediawiki-1.23.4-1.fc19 (2014-11582)
bug 69008 SECURITY: Enhance CSS filtering in SVG files. Filter elements; normalize style elements and attributes before filtering; add checks for attributes that contain css; add unit tests for html5sec and reported bugs. - bug 65998 Make MySQLi work with non-standard socket. - bug 66986...
Fedora 20 : mediawiki-1.23.4-1.fc20 (2014-11727)
bug 69008 SECURITY: Enhance CSS filtering in SVG files. Filter elements; normalize style elements and attributes before filtering; add checks for attributes that contain css; add unit tests for html5sec and reported bugs. - bug 65998 Make MySQLi work with non-standard socket. - bug 66986...
Debian DSA-3046-1 : mediawiki - security update
It was reported that MediaWiki, a website engine for collaborative work, allowed to load user-created CSS on pages where user-created JavaScript is not allowed. A wiki user could be tricked into performing actions by manipulating the interface from CSS, or JavaScript code being executed from CSS,...
[SECURITY] [DSA 3046-1] mediawiki security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3046-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso October 05, 2014 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 3046-1 (mediawiki - security update)
It was reported that MediaWiki, a website engine for collaborative work, allowed to load user-created CSS on pages where user-created JavaScript is not allowed. A wiki user could be tricked into performing actions by manipulating the interface from CSS, or JavaScript code being executed from CSS,...
DSA-3046-1 mediawiki - security update
Bulletin has no description...
mediawiki: Cross-site Scripting (XSS) and UI redressing
It was discovered that MediaWiki, a wiki engine, was separating the allowance of css and js modules resulting in Cross-site Scripting XSS and UI redressing issues...
Debian: Security Advisory (DSA-3046-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 21 : mediawiki-1.23.4-1.fc21 (2014-11717)
bug 69008 SECURITY: Enhance CSS filtering in SVG files. Filter elements; normalize style elements and attributes before filtering; add checks for attributes that contain css; add unit tests for html5sec and reported bugs. - bug 65998 Make MySQLi work with non-standard socket. - bug 66986...
Debian DSA-3036-1 : mediawiki - security update
It was discovered that MediaWiki, a wiki engine, did not sufficiently filter CSS in uploaded SVG files, allowing for cross site scripting. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...
CVE-2014-4958
Cross-site scripting XSS vulnerability in Telerik UI for ASP.NET AJAX RadEditor control 2014.1.403.35, 2009.3.1208.20, and other versions allows remote attackers to inject arbitrary web script or HTML via CSS expressions in style attributes...
Cross site scripting
Cross-site scripting XSS vulnerability in Telerik UI for ASP.NET AJAX RadEditor control 2014.1.403.35, 2009.3.1208.20, and other versions allows remote attackers to inject arbitrary web script or HTML via CSS expressions in style attributes...
CVE-2014-4958
Cross-site scripting XSS vulnerability in Telerik UI for ASP.NET AJAX RadEditor control 2014.1.403.35, 2009.3.1208.20, and other versions allows remote attackers to inject arbitrary web script or HTML via CSS expressions in style attributes...