Lucene search
RootSSV:61665HistoryMar 06, 2014 - 12:00 a.m.
MediaWiki 'formatHTML'函数跨站脚本漏洞
2014-03-0600:00:00
Root
www.seebug.org
21
0.004 Low
EPSS
Percentile
70.3%
BUGTRAQ ID:65906
CVE ID:CVE-2014-2244
MediaWiki是一款Wiki程序。
MediaWiki中的includes/api/ApiFormatBase.php脚本的’formatHTML’函数存在跨站脚本漏洞。由于程序未能正确处理追加到api.php脚本的链接,远程攻击者可利用该漏洞注入任意Web脚本或HTML。
0
MediaWiki Mediawiki < 2.0.18
MediaWiki Mediawiki <= 1.19.11
MediaWiki Mediawiki 1.20.x
MediaWiki Mediawiki 1.21.x(<1.21.6)
MediaWiki Mediawiki 1.22.x(<1.22.3
厂商补丁:
MediaWiki
用户可参考如下供应商提供的安全公告获得补丁信息:
http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html
Related
debiancve
debiancve
CVE-2014-2244
2014-03-02 04:57:00
cve
cve
CVE-2014-2244
2014-03-02 04:57:00
prion
prion
Cross site scripting
2014-03-02 04:57:00
ubuntucve
ubuntucve
CVE-2014-2244
2014-03-02 00:00:00
nessus
nessus
Fedora 20 : mediawiki-1.21.6-1.fc20 (2014-3338)
2014-03-11 00:00:00
Fedora 19 : mediawiki-1.21.6-1.fc19 (2014-3344)
2014-03-11 00:00:00
MediaWiki < 1.19.12 / 1.21.6 / 1.22.3 Multiple Vulnerabilities
2014-03-07 00:00:00
mageia
mageia
Updated mediawiki packages fix multiple vulnerabilities
2014-03-08 00:12:00
openvas
openvas
Mediawiki Multiple Vulnerabilities-01 Mar14
2014-03-04 00:00:00
Fedora Update for mediawiki FEDORA-2014-3338
2014-03-12 00:00:00
Fedora Update for mediawiki FEDORA-2014-3344
2014-03-12 00:00:00
securityvulns
securityvulns
[ MDVSA-2014:057 ] mediawiki
2014-05-05 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: mediawiki-1.21.6-1.fc20
2014-03-11 04:15:05
[SECURITY] Fedora 19 Update: mediawiki-1.21.6-1.fc19
2014-03-11 04:08:52
gentoo
gentoo
MediaWiki: Multiple vulnerabilities
2015-02-07 00:00:00