MediaWiki Incomplete Blacklist Vulnerability (CNVD-2015-02418)

MediaWiki is a Wiki program. An incomplete blacklist vulnerability exists in the includes/upload/UploadBase.php script of MediaWiki. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of nested SVG files with data: URI of type pplication/xml MIME...

MediaWiki 'includes/upload/UploadBase.php'跨站脚本漏洞

BUGTRAQ ID：65910 CVE ID：CVE-2014-2242 MediaWiki是一款Wiki程序。 MediaWiki 'includes/upload/UploadBase.php'脚本跨站脚本漏洞。由于程序未能限制SVG文件使用无效的命名空间，远程攻击者可通过上传特制的SVG文件利用该漏洞实施跨站脚本攻击。 0 MediaWiki Mediawiki = 1.19.11 MediaWiki Mediawiki 1.20.x MediaWiki Mediawiki 1.21.x1.21.6 MediaWiki Mediawiki 1.22.x1.22.3 厂商补丁：...