7 matches found
Mandriva Linux Security Advisory : mediawiki (MDVSA-2014:198)
Updated mediawiki packages fix security vulnerability : MediaWiki before 1.23.4 is vulnerable to cross-site scripting due to JavaScript injection via CSS in uploaded SVG files CVE-2014-7199. MediaWiki before 1.23.5 is vulnerable to cross-site scripting due to JavaScript injection via...
Updated mediawiki packages fix security vulnerbilities
Updated mediawiki packages fix security vulnerability: MediaWiki before 1.23.4 is vulnerable to cross-site scripting due to JavaScript injection via CSS in uploaded SVG files CVE-2014-7199. MediaWiki before 1.23.5 is vulnerable to cross-site scripting due to JavaScript injection via user-specific...
Fedora Update for mediawiki FEDORA-2014-11727
Check the version of mediawiki SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868360";...
Debian Security Advisory DSA 3036-1 (mediawiki - security update)
It was discovered that MediaWiki, a wiki engine, did not sufficiently filter CSS in uploaded SVG files, allowing for cross site scripting. OpenVAS Vulnerability Test $Id: deb3036.nasl 8972 2018-02-28 07:02:10Z cfischer $ Auto-generated from advisory DSA 3036-1 using nvtgen 1.0 Script version: 1.0...
CVE-2014-7199
Cross-site scripting XSS vulnerability in MediaWiki before 1.19.19, 1.22.x before 1.22.11, and 1.23.x before 1.23.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file...
CVE-2014-7199
Cross-site scripting XSS vulnerability in MediaWiki before 1.19.19, 1.22.x before 1.22.11, and 1.23.x before 1.23.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file...
CVE-2014-7199
CVE-2014-7199 is a MediaWiki XSS vulnerability due to crafted SVG handling. Affected versions are MediaWiki before 1.19.19, 1.22.x before 1.22.11, and 1.23.x before 1.23.4. An attacker could inject arbitrary web script/HTML via an SVG file uploaded to the wiki, enabling remote code execution in t...