2 matches found
MediaWiki >= 1.5 CSS验证信息泄露漏洞
BUGTRAQ ID: 38621 CVE ID: CVE-2010-1189 MediaWiki是著名的wiki程序,运行于PHP+MySQL环境。 MediaWiki的CSS验证功能没有禁止wiki编辑者在wiki页面中链接到其他网站的图形,这允许编辑者通过添加到恶意网站上的图形链接获得IP 地址等有关于wiki用户的敏感信息。 MediaWiki = 1.5 厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-2022-1)以及相应补丁: DSA-2022-1:New mediawiki packages fix several...
Debian DSA-2022-1 : mediawiki - several vulnerabilities
Several vulnerabilities have been discovered in mediawiki, a web-based wiki engine. The following issues have been identified : - Insufficient input sanitization in the CSS validation code allows editors to display external images in wiki pages. This can be a privacy concern on public wikis as it...