Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201410-3 ======================================== Severity: Medium Date : 2014-10-04 CVE-ID : CVE-2014-7295 Package : mediawiki Type : Cross-site Scripting (XSS) and UI redressing Remote : Yes Link : https://wiki.archlinux.org/title/CVE-2014 Summary ====== The package mediawiki before version 1.23.5-1 is vulnerable to Cross-site Scripting (XSS) and UI redressing. Resolution ========= Upgrade to 1.23.5-1. # pacman -Syu "mediawiki>=1.23.5-1" The problem has been fixed upstream in version 1.23.5. Workaround ========= None. Description ========== It was discovered that MediaWiki, a wiki engine, was separating the allowance of css and js modules resulting in Cross-site Scripting (XSS) and UI redressing issues. Impact ===== A remote attacker is able to perform Cross-site Scripting (XSS) and/or UI redressing attacks on affected MediaWiki pages. References ========= https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7295 https://lists.wikimedia.org/hyperkitty/list/This email address is being protected from spambots. You need JavaScript enabled to view it. /message/7CSMXENGLTDHTBNNLZ6G2MA3GJRQL3ES/ https://www.openwall.com/lists/oss-security/2014/10/02/36