Summary: | <www-apps/mediawiki-{1.19.16,1.21.10,1.22.7}: XSS in action=info (CVE-2014-2853) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | web-apps |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1091967 | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-04-28 13:45:40 UTC
This bug is being addressed in part of stabilization of Bug 512354 with versions: www-apps/mediawiki-{1.19.16,1.21.10,1.22.7}

CVE-2014-2853 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2853): Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action.

no GLSA for Cross Site Scripting

Maintainer(s), please drop the vulnerable version.

Maintainer(s), please drop the vulnerable version - we would love to close this bug.

Maintainer timeout, cleanup done, closing noglsa.