Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201409-4 ======================================== Severity: High Date : 2014-09-29 CVE-ID : CVE-7199 Package : mediawiki Type : Cross-site Scripting (XSS) Remote : Yes Link : https://wiki.archlinux.org/title/CVE-2014 Summary ====== The package mediawiki before version 1.23.4-1 is vulnerable to Cross-site Scripting (XSS). Resolution ========= Upgrade to 1.23.4-1. # pacman -Syu "mediawiki>=1.23.4-1" The problem has been fixed upstream in version 1.23.4. Workaround ========= None. Description ========== It was discovered that MediaWiki, a wiki engine, did not sufficiently filter CSS in uploaded SVG files, allowing for cross site scripting. Impact ===== A remote attacker is able to upload a crafted SVG file to perform a cross site scripting attack. References ========= https://www.cve.org/CVERecord?id=CVE-2014-7199 https://phabricator.wikimedia.org/T71008 https://bugs.archlinux.org/task/42161 https://lists.wikimedia.org/hyperkitty/list/This email address is being protected from spambots. You need JavaScript enabled to view it. /message/7CRASJKGBFVXEHSNWKNX3UHOF3IJSBS5/