Debian DSA-2596-1 : mediawiki-extensions - XSS
Thorsten Glaser discovered that the RSSReader extension for MediaWiki, a website engine for collaborative work, does not properly escape tags in feeds. This could allow a malicious feed to inject JavaScript into the MediaWiki pages. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...