Bug 165551 - www-apps/mediawiki < 1.9.2 Sortable Table Feature HTML Injection Vulnerability
Summary: www-apps/mediawiki < 1.9.2 Sortable Table Feature HTML Injection Vulnerability
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://www.securityfocus.com/bid/2239...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-02-06 02:52 UTC by Executioner
Modified: 2007-02-09 15:02 UTC (History)
See Also:
Package list:
Runtime testing required: ---
Description Executioner 2007-02-06 02:52:10 UTC
MediaWiki is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

MediaWiki versions 1.9.0 prior to 1.9.2 are vulnerable to this issue.

Reproducible: Didn't try
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_2/phase3/RELEASE-NOTES
Comment 1 Philippe Trottier (RETIRED) gentoo-dev 2007-02-08 10:11:54 UTC
1.9.2 is now committed; I was simply waiting for the tarball to be present and to confirm its md5.
Comment 2 Philippe Trottier (RETIRED) gentoo-dev 2007-02-08 10:12:46 UTC
Note 2: please check that 1.8.x is really affected, as there is no mention of this for those versions.
Comment 3 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-02-09 15:02:57 UTC
1.8 is not known to be vulnerable, closing.