Lucene search

K

Ubuntu.comUB:CVE-2014-2242

HistoryMar 02, 2014 - 12:00 a.m.

CVE-2014-2242

2014-03-0200:00:00

ubuntu.com

ubuntu.com

9

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

77.5%

includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and
1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of
invalid namespaces in SVG files, which allows remote attackers to conduct
cross-site scripting (XSS) attacks via an SVG upload, as demonstrated by
use of a W3C XHTML namespace in conjunction with an IFRAME element.

References

lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html

openwall.com/lists/oss-security/2014/02/28/1

openwall.com/lists/oss-security/2014/03/01/2

bugzilla.redhat.com/show_bug.cgi?id=1071135

bugzilla.wikimedia.org/show_bug.cgi?id=60771

gerrit.wikimedia.org/r/#/q/7d923a6b53f7fbcb0cbc3a19797d741bf6f440eb,n,z

launchpad.net/bugs/cve/CVE-2014-2242

nvd.nist.gov/vuln/detail/CVE-2014-2242

security-tracker.debian.org/tracker/CVE-2014-2242

www.cve.org/CVERecord?id=CVE-2014-2242

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

77.5%

Related for UB:CVE-2014-2242

seebug1 debiancve1 prion1 cve1 mageia1 nessus5 openvas6 fedora2 securityvulns2 gentoo1