7 matches found
Mageia: Security Advisory (MGASA-2014-0124)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora Update for mediawiki FEDORA-2014-3338
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora Update for mediawiki FEDORA-2014-3344
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
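MediaWiki 'includes/upload/UploadBase.php' Cross-Site Scripting Vulnerability
BUGTRAQ ID: 65910 CVE ID: CVE-2014-2242 MediaWiki is a wiki application. The MediaWiki 'includes/upload/UploadBase.php' script has a cross-site scripting vulnerability. Because the program fails to restrict the use of invalid namespaces in SVG files, a remote attacker can exploit this vulnerability to conduct cross-site scripting attacks by uploading a specially crafted SVG file. 0 MediaWiki Mediawiki = 1.19.11 MediaWiki Mediawiki 1.20.x MediaWiki Mediawiki 1.21.x1.21.6 MediaWiki Mediawiki 1.22.x1.22.3 Vendor patch:...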
CVE-2014-2242
includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an SVG upload, as demonstrated by use of a W...
CVE-2014-2242
The CVE affects MediaWiki versions using UploadBase.php (before 1.19.12; 1.20.x before 1.21.6; 1.21.x before 1.21.6; 1.22.x before 1.22.3). It stems from not blocking invalid SVG namespaces, allowing XSS via SVG uploads (e.g., W3C XHTML namespace with an IFRAME). Exploitation is via SVG upload; i...
CVE-2014-2242
includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an SVG upload, as demonstrated by use of a W...