Lucene search
K

8 matches found

Tenable Nessus
Tenable Nessus
added 2014/08/27 12:0 a.m.35 views

Fedora 20 : mediawiki-1.23.2-1.fc20 (2014-9583)

This is a major update from the 1.21 branch to the 1.23 long term support branch. - bug 68187 SECURITY: Prepend jsonp callback with comment. - CVE-2014-5241 - bug 66608 SECURITY: Fix for XSS issue in bug 66608: Generate the URL used for loading a new page in JavaScript,instead of relying on the U...

6.8CVSS8AI score0.02074EPSS
Exploits3References5
Debian
Debian
added 2014/08/23 3:27 p.m.22 views

[SECURITY] [DSA 3011-1] mediawiki security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3011-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso August 23, 2014 http://www.debian.org/security/faq -...

6.8CVSS1.4AI score0.01774EPSS
Exploits2
OSV
OSV
added 2014/08/23 12:0 a.m.27 views

DSA-3011-1 mediawiki - security update

Bulletin has no description...

6.8CVSS6.1AI score0.01774EPSS
Exploits2
OSV
OSV
added 2014/08/22 5:55 p.m.8 views

CVE-2014-5241

The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site...

6.3AI score
Exploits0References9
CVE
CVE
added 2014/08/22 5:0 p.m.77 views

CVE-2014-5241

CVE-2014-5241 affects MediaWiki’s JSONP endpoint (includes/api/ApiFormatJson.php) and allows CSRF exploitation and potential information disclosure via crafted JSONP responses when certain long callback values are used. The underlying issue is improper restriction of the initial bytes of a JSONP ...

6.8CVSS6.1AI score0.00838EPSS
Exploits1References7Affected Software1
OpenVAS
OpenVAS
added 2014/08/22 12:0 a.m.25 views

Debian: Security Advisory (DSA-3011-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS7AI score0.01774EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2014/08/13 12:0 a.m.35 views

MediaWiki < 1.19.18 / 1.22.9 / 1.23.2 Multiple Vulnerabilities

According to its version number, the instance of MediaWiki running on the remote host is affected by the following vulnerabilities : - A flaw exists due to comments not being prepended to the JSONP callbacks. This allows a remote attacker, using a specially crafted SWF file, to perform a cross-si...

6.8CVSS8.4AI score0.02074EPSS
Exploits3References9
Mageia
Mageia
added 2014/08/05 8:8 p.m.38 views

Updated mediawiki packages fix security vulnerabilities

MediaWiki before 1.23.2 is vulnerable to JSONP injection in Flash CVE-2014-5241, XSS in mediawiki.page.image.pagination.js CVE-2014-5242, and clickjacking between OutputPage and ParserOutput CVE-2014-5243. This update provides MediaWiki 1.23.2, fixing these and other issues...

6.8CVSS9.1AI score0.02074EPSS
Exploits3References3
Rows per page
Query Builder