Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 239342 (CVE-2008-4408) - www-apps/mediawiki <1.12.1 <1.13.2 XSS (CVE-2008-4408)
Summary: www-apps/mediawiki <1.12.1 <1.13.2 XSS (CVE-2008-4408)
Alias: CVE-2008-4408
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High trivial (vote)
Assignee: Gentoo Security
Whiteboard: ~4 [ebuild]
: 239488 (view as bug list)
Depends on:
Reported: 2008-10-02 16:19 UTC by Hanno Böck
Modified: 2008-10-06 18:15 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2008-10-02 16:19:03 UTC

1.11.* is not affected, so we only need bumps for the ~-versions.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2008-10-04 02:12:16 UTC
*** Bug 239488 has been marked as a duplicate of this bug. ***
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2008-10-04 02:12:45 UTC
Impact: XSS

Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0,
and possibly other versions before 1.13.2 allows remote attackers to
inject arbitrary web script or HTML via the useskin parameter to an
unspecified component.
Comment 3 Peter Volkov (RETIRED) gentoo-dev 2008-10-06 04:47:04 UTC
mediawiki 1.12.1 and 1.13.2 are in the tree. Affected versions removed. Done.
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2008-10-06 14:43:18 UTC
thanks, closing then.