Advisories ยป MGASA-2014-0197

Updated mediawiki packages fix security vulnerability

Publication date: 28 Apr 2014
Modification date: 08 May 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-2853

Description

Updated mediawiki packages fix security vulnerability:

XSS vulnerability in MediaWiki before 1.22.6, where if the default sort key
is set to a string containing a script, the script will be executed when the
page is viewed using the info action (CVE-2014-2853).
                

References

SRPMS

4/core

3/core