Package: mediawiki
Version: 1:1.7
Severity: important
Tags: security
I don't know if mediawiki is vunerable with this bug.
A vulnerability has been reported in MediaWiki, which can be exploited by
malicious people
to conduct cross-site scripting attacks.
Input passed to an unspecified parameter is not properly sanitised before being
returned to
the user. This can be exploited to execute arbitrary HTML and script code in a
user's browser
session in context of an affected site.
Successful exploitation requires that $wgUseAjax is set to true, which is not
its default setting.
The vulnerability is reported in the 1.6.x branch before 1.6.9, the 1.7.x
branch before 1.7.2,
and the 1.8.x branch before 1.8.3.
Solution:
Update to version 1.6.9, 1.7.2 or 1.8.3.
Thanks in advanced.
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
regards,
--
.''`.
: :' : Alex de Oliveira Silva | enerv
`. `' www.enerv.net
`-
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
