Updated mediawiki packages fix security vulnerability
Publication date: 06 Jun 2014
Modification date: 09 Jul 2015
Type: security
Affected Mageia releases: 3, 4
CVE: CVE-2014-3966
Description
XSS vulnerability in MediaWiki before 1.22.7, due to usernames on
Special:PasswordReset being parsed as wikitext. The username on
Special:PasswordReset can be supplied by anyone and will be parsed
with $wgRawHtml enabled. Since Special:PasswordReset is whitelisted
by default on private wikis, this could potentially lead to an XSS
crossing a privilege boundary (CVE-2014-3966).
References
SRPMS
3/core
- mediawiki-1.22.7-1.mga3
4/core
- mediawiki-1.22.7-1.mga4