Lucene search
K

8 matches found

Debian
Debian
added 2014/03/31 5:7 p.m.43 views

[SECURITY] [DSA 2891-2] mediawiki regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-2891-2 [email protected] http://www.debian.org/security/ Thijs Kinkhorst March 31, 2014 http://www.debian.org/security/faq -...

7.5CVSS8.6AI score0.42777EPSS
Exploits12
Debian
Debian
added 2014/03/30 9:25 a.m.47 views

[SECURITY] [DSA 2891-1] mediawiki security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2891-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst March 30, 2014 http://www.debian.org/security/faq -...

7.5CVSS8.6AI score0.42777EPSS
Exploits12
OSV
OSV
added 2014/03/02 8:53 p.m.10 views

MGASA-2014-0113 Updated mediawiki packages fix security vulnerabilities

MediaWiki user Michael M reported that the fix for CVE-2013-4568 allowed insertion of escaped CSS values which could pass the CSS validation checks, resulting in XSS CVE-2013-6451. Chris from RationalWiki reported that SVG files could be uploaded that include external stylesheets, which could lea...

7.5CVSS7AI score0.42777EPSS
Exploits12References7
Tenable Nessus
Tenable Nessus
added 2013/12/18 12:0 a.m.37 views

Mandriva Linux Security Advisory : mediawiki (MDVSA-2013:290)

Updated mediawiki packages fix security vulnerabilities : Kevin Israel Wikipedia user PleaseStand identified and reported two vectors for injecting JavaScript in CSS that bypassed MediaWiki's blacklist CVE-2013-4567, CVE-2013-4568. Internal review while debugging a site issue discovered that...

7.5CVSS7.2AI score0.02142EPSS
Exploits0References4
OSV
OSV
added 2013/12/13 6:7 p.m.6 views

CVE-2013-4568

Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting XSS attacks via certain non-ASCII characters in CSS, as demonstrated using variations of "expression"...

6.3AI score
Exploits0References8
CVE
CVE
added 2013/12/13 6:0 p.m.62 views

CVE-2013-4568

CVE-2013-4568 involves an incomplete blacklist in MediaWiki’s Sanitizer::checkCss, enabling remote XSS via certain non-ASCII CSS characters. Affected releases include MediaWiki 1.19.x up to 1.19.9, 1.20.x prior to 1.20.8, and 1.21.x prior to 1.21.3. Connected advisories (e.g., Debian DSA-2891/DSA...

4.3CVSS6.1AI score0.02098EPSS
Exploits0References8Affected Software1
Mageia
Mageia
added 2013/12/12 10:21 p.m.43 views

Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: Kevin Israel Wikipedia user PleaseStand identified and reported two vectors for injecting Javascript in CSS that bypassed MediaWiki's blacklist CVE-2013-4567, CVE-2013-4568. Internal review while debugging a site issue discovered that...

7.5CVSS2.1AI score0.02142EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2013/12/03 12:0 a.m.23 views

Fedora Update for mediawiki FEDORA-2013-21874

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.9AI score0.02344EPSS
Exploits0References2
Rows per page
Query Builder