9 matches found
Mageia: Security Advisory (MGASA-2014-0253)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 2957-1] mediawiki security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2957-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst June 12, 2014 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2957-1] mediawiki security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2957-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst June 12, 2014 http://www.debian.org/security/faq -...
CVE-2014-3966
Cross-site scripting XSS vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username...
CVE-2014-3966
Cross-site scripting XSS vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username...
CVE-2014-3966
CVE-2014-3966 is a cross-site scripting vulnerability in MediaWiki’s Special:PasswordReset when wgRawHtml is enabled. It affects MediaWiki versions prior to 1.19.16, 1.21.x prior to 1.21.10, and 1.22.x prior to 1.22.7, enabling remote attackers to inject arbitrary script/HTML via an invalid usern...
CVE-2014-3966
Cross-site scripting XSS vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username...
CVE-2014-3966
Cross-site scripting XSS vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username...
Updated mediawiki packages fix security vulnerability
XSS vulnerability in MediaWiki before 1.22.7, due to usernames on Special:PasswordReset being parsed as wikitext. The username on Special:PasswordReset can be supplied by anyone and will be parsed with wgRawHtml enabled. Since Special:PasswordReset is whitelisted by default on private wikis, this...