Updated mediawiki packages fix security vulnerability
Publication date: 06 Jun 2014Modification date: 09 Jul 2015
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3966
Description
XSS vulnerability in MediaWiki before 1.22.7, due to usernames on Special:PasswordReset being parsed as wikitext. The username on Special:PasswordReset can be supplied by anyone and will be parsed with wgRawHtml enabled. Since Special:PasswordReset is whitelisted by default on private wikis, this could potentially lead to an XSS crossing a privilege boundary (CVE-2014-3966).
References
SRPMS
3/core
- mediawiki-1.22.7-1.mga3
4/core
- mediawiki-1.22.7-1.mga4