Summary: | <www-apps/mediawiki-{1.19.16,1.21.10,1.22.7}: XSS flaw due to improper parsing of Special:PasswordReset (CVE-2014-3966) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | cyberbat83, web-apps |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1104222 | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-06-04 08:13:00 UTC
Arches please stabilize:
=www-apps/mediawiki-1.19.16
=www-apps/mediawiki-1.21.10

amd64 stable

x86 stable

ppc stable. Maintainer(s), please cleanup. Security, please vote.

CVE-2014-3966 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3966): Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username.

no GLSA for Cross Site Scripting

Maintainer(s), please drop the vulnerable version.

Maintainer(s), please drop the vulnerable version - we would love to close this bug.

Maintainer timeout, cleanup done, closing noglsa.