Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 239488

Summary: <=www-apps/mediawiki-1.13.1 XSS vulnerability (CVE-2008-4408 Canidate)
Product: Gentoo Security Reporter: Stefan Behte (RETIRED) <craig>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
Whiteboard:
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2008-10-04 02:11:29 UTC 
Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0,
and possibly other versions before 1.13.2 allows remote attackers to
inject arbitrary web script or HTML via the useskin parameter to an
unspecified component.

See:
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_2/phase3/RELEASE-NOTES
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2008-10-04 02:12:16 UTC 

*** This bug has been marked as a duplicate of bug 239342 ***