All errata/t7/ALT-PU-2014-2359-1
ALT-PU-2014-2359-1

Package update mediawiki in branch t7

Version1.23.6-alt0.M70P.1
Task#134779
Published2014-11-15
Max severityMEDIUM
Severity:

Closed issues (2)

CVE-2014-7199
MEDIUM4.3

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, 1.22.x before 1.22.11, and 1.23.x before 1.23.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file.

Published: 2014-09-30Modified: 2025-04-12
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
References
CVE-2014-7295
LOW3.5

The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying MediaWiki:Common.css.

Published: 2014-10-07Modified: 2025-04-12
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:N
References