Vulnerabilities affecting this package (0)
| Vulnerability |
Summary |
Fixed by |
|
This package is not known to be affected by vulnerabilities.
|
Vulnerabilities fixed by this package (4)
| Vulnerability |
Summary |
Aliases |
|
VCID-2xa5-1rmz-bfh3
|
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? (question mark) in a query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578.
|
CVE-2011-1587
|
|
VCID-2yav-jgcc-zyhc
|
Multiple vulnerabilities have been found in MediaWiki, the worst of
which leading to remote execution of arbitrary code.
|
CVE-2011-1579
|
|
VCID-5ye5-j6zz-bkau
|
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character.
|
CVE-2011-1578
|
|
VCID-us2t-3nsp-53af
|
Multiple vulnerabilities have been found in MediaWiki, the worst of
which leading to remote execution of arbitrary code.
|
CVE-2011-1580
|