[Pkg-mediawiki-devel] Bug#442255: CVE-2007-4828 XSS in pretty-printing mode

Nico Golde nion at debian.org
Fri Sep 14 12:09:48 UTC 2007


Package: mediawiki
Severity: serious
Tags: security

Hi,
a CVE has been issued against mediawiki.
CVE-2007-4828[0]:
Cross-site scripting (XSS) vulnerability in the API 
pretty-printing mode in MediaWiki 1.8.0 through 1.8.4, 1.9.0 
through 1.9.3, 1.10.0 through 1.10.1, and the 1.11 
development versions before 1.11.0 allows remote attackers 
to inject arbitrary web script or HTML via unspecified 
vectors.

If you fix this bug please include the CVE id in your 
changelogs.

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4828

Kind regards
Nico
-- 
Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-mediawiki-devel/attachments/20070914/64e28e7b/attachment-0001.pgp 


More information about the Pkg-mediawiki-devel mailing list