Debian: DSA-2992-1 Critical: OpenSSH Security Vulnerabilities

March 30, 2014
Debian Security Bulletin DSA-2892-2 resolves various issues in mediawiki; update immediately for safety.
Several vulnerabilities were discovered in MediaWiki, a wiki engine.

Summary

CVE-2013-2031

Cross-site scripting attack via valid UTF-7 encoded sequences
in a SVG file.

CVE-2013-4567 & CVE-2013-4568

Kevin Israel (Wikipedia user PleaseStand) reported two ways
to inject JavaScript due to an incomplete blacklist in the
CSS sanitizer function.

CVE-2013-4572

MediaWiki and the CentralNotice extension were incorrectly setting
cache headers when a user was autocreated, causing the user's
session cookies to be cached, and returned to other users.

CVE-2013-6452

Chris from RationalWiki reported that SVG files could be
uploaded that include external stylesheets, which could lead to
XSS when an XSL was used to include JavaScript.

CVE-2013-6453

MediaWiki's SVG sanitization could be bypassed when the XML was
considered invalid.

CVE-2013-6454

MediaWiki's CSS sanitization did not filter -o-link attributes,
which could be used to execute JavaScript in Opera 12.

CVE-2013-6472

MediaWiki displayed some information about deleted pages in
...


Severity: critical

Package: mediawiki, mediawiki-extensions
CVE ID: CVE-2013-2031 CVE-2013-4567 CVE-2013-4568 CVE-2013-4572
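
For CVE-2013-4572 above, the condition to audit for is a response that carries Set-Cookie while its Cache-Control lets a shared cache store it. The following Python check is an added example, not part of the advisory or of MediaWiki's code; the wiki.example URLs, the header values and the simplified cacheability rules (Cache-Control only) are assumptions constructed for illustration.

```python
import re

# Added example (not from the advisory): flag responses whose Set-Cookie header
# a shared cache could store and replay. Only Cache-Control is evaluated.
_DIRECTIVE = re.compile(r'([\w-]+)(?:=("[^"]*"|[^,\s]*))?')

def cache_directives(headers):
    """Merge every Cache-Control header into {directive: argument-or-''}."""
    out = {}
    for name, value in headers:
        if name.lower() == "cache-control":
            for m in _DIRECTIVE.finditer(value):
                out[m.group(1).lower()] = (m.group(2) or "").strip('"').lower()
    return out

def covers_cookie(d, name):
    """True if directive `name` is bare or its field list names Set-Cookie."""
    if name not in d:
        return False
    fields = [f.strip() for f in d[name].split(",") if f.strip()]
    return not fields or "set-cookie" in fields

def cookie_replayable(headers):
    """True if a shared cache may serve this response's cookie to others."""
    if not any(n.lower() == "set-cookie" for n, _ in headers):
        return False
    d = cache_directives(headers)
    if "no-store" in d or covers_cookie(d, "private") or covers_cookie(d, "no-cache"):
        return False
    freshness = d.get("s-maxage", d.get("max-age"))  # s-maxage wins for shared caches
    if freshness is not None:
        return freshness.isdigit() and int(freshness) > 0
    return "public" in d

def audit(responses):
    """Return the URLs of responses that expose cookies to a shared cache."""
    return [url for url, headers in responses if cookie_replayable(headers)]

# Constructed sample responses (URLs and cookie values are placeholders).
COOKIE = ("Set-Cookie", "wiki_session=CONSTRUCTED; path=/; HttpOnly")
SAMPLE = [
    ("https://wiki.example/wiki/Main_Page",
     [("Cache-Control", "s-maxage=18000, must-revalidate, max-age=0"), COOKIE]),
    ("https://wiki.example/wiki/Special:UserLogin",
     [("Cache-Control", "private, must-revalidate, max-age=0"), COOKIE]),
    ("https://wiki.example/wiki/Help",
     [("Cache-Control", 's-maxage=18000, no-cache="Set-Cookie"'), COOKIE]),
    ("https://wiki.example/w/load.php", [("Cache-Control", "public, max-age=300")]),
]
```

Calling `audit(SAMPLE)` flags only the first response: it sets a session cookie while `s-maxage` permits shared caching, whereas the `private` and `no-cache="Set-Cookie"` variants keep the cookie out of the cache.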
