ALT Linux Team

Package mediawiki update in p7 on 2014-11-14

ALT-PU-2014-2355-1

Package mediawiki updated to version 1.23.6-alt0.M70P.1 for branch p7 in task 134645.

Closed vulnerabilities

Published: 2014-09-30
Modified: 2024-11-21

CVE-2014-7199

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, 1.22.x before 1.22.11, and 1.23.x before 1.23.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file.

Severity: MEDIUM (4.3)
References:
Published: 2014-10-07
Modified: 2024-11-21

CVE-2014-7295

The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying MediaWiki:Common.css.

Severity: LOW (3.5)
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top