Fedora 19 : mediawiki-1.23.8-1.fc19 (2014-17264)

bug T76686 SECURITY thumb.php outputs wikitext message as raw HTML, which could lead to xss. Permission to edit MediaWiki namespace is required to exploit this.\r\n bug T77028 SECURITY Malicious site can bypass CORS restrictions in $wgCrossSiteAJAXdomains in API calls if it only included an...