[ MDVSA-2014:198 ] mediawiki

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:198
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : mediawiki
 Date    : October 21, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated mediawiki packages fix security vulnerability:
 
 MediaWiki before 1.23.4 is vulnerable to cross-site scripting due to
 JavaScript injection via CSS in uploaded SVG files (CVE-2014-7199).
 
 MediaWiki before 1.23.5 is vulnerable to cross-site scripting due to
 JavaScript injection via user-specificed CSS in certain special pages
 (CVE-2014-7295).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7199
 http://cve.mitre.org/cgi

007 Software

[ MDVSA-2014:198 ] mediawiki

Leave a Reply Cancel reply

Software and Security Information