8 matches found
[SECURITY] [DSA 2891-2] mediawiki regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-2891-2 [email protected] http://www.debian.org/security/ Thijs Kinkhorst March 31, 2014 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2891-1] mediawiki security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2891-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst March 30, 2014 http://www.debian.org/security/faq -...
MGASA-2014-0113 Updated mediawiki packages fix security vulnerabilities
MediaWiki user Michael M reported that the fix for CVE-2013-4568 allowed insertion of escaped CSS values which could pass the CSS validation checks, resulting in XSS CVE-2013-6451. Chris from RationalWiki reported that SVG files could be uploaded that include external stylesheets, which could lea...
Mandriva Linux Security Advisory : mediawiki (MDVSA-2013:290)
Updated mediawiki packages fix security vulnerabilities : Kevin Israel Wikipedia user PleaseStand identified and reported two vectors for injecting JavaScript in CSS that bypassed MediaWiki's blacklist CVE-2013-4567, CVE-2013-4568. Internal review while debugging a site issue discovered that...
CVE-2013-4568
Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting XSS attacks via certain non-ASCII characters in CSS, as demonstrated using variations of "expression"...
CVE-2013-4568
CVE-2013-4568 involves an incomplete blacklist in MediaWiki’s Sanitizer::checkCss, enabling remote XSS via certain non-ASCII CSS characters. Affected releases include MediaWiki 1.19.x up to 1.19.9, 1.20.x prior to 1.20.8, and 1.21.x prior to 1.21.3. Connected advisories (e.g., Debian DSA-2891/DSA...
Updated mediawiki packages fix security vulnerabilities
Updated mediawiki packages fix security vulnerabilities: Kevin Israel Wikipedia user PleaseStand identified and reported two vectors for injecting Javascript in CSS that bypassed MediaWiki's blacklist CVE-2013-4567, CVE-2013-4568. Internal review while debugging a site issue discovered that...
Fedora Update for mediawiki FEDORA-2013-21874
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...