PT-2014-7887 · Wikimedia+1 · Mediawiki+1

Helder

+1

·

Publicado

2014-10-07

·

Atualizado

2015-08-06

·

CVE-2014-7295

CVSS v2.0

3.5

Baixa

VetorAV:N/AC:M/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions MediaWiki versions prior to 1.19.20 MediaWiki versions 1.22.x prior to 1.22.12 MediaWiki versions 1.23.x prior to 1.23.5
Description The issue affects the Special:Preferences and Special:UserLogin pages in MediaWiki, allowing remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted CSS. This can be demonstrated by modifying MediaWiki:Common.css, which can lead to unspecified other impact.
Recommendations For MediaWiki versions prior to 1.19.20, update to version 1.19.20 or later. For MediaWiki versions 1.22.x prior to 1.22.12, update to version 1.22.12 or later. For MediaWiki versions 1.23.x prior to 1.23.5, update to version 1.23.5 or later.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

ALT-PU-2014-2350
CVE-2014-7295
DSA-3046-1
MGASA-2014-0400

Produtos afetados

Alt Linux
Mediawiki