LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for June 20, 2013

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

mediawiki: cross-site scripting

Package(s):mediawiki CVE #(s):CVE-2007-1054
Created:August 7, 2007 Updated:August 8, 2007
Description: A cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer.
Alerts:
Fedora FEDORA-2007-1442 2007-08-06
(Log in to post comments)

mediawiki: cross-site scripting

Posted Aug 10, 2007 15:03 UTC (Fri) by filker0 (guest, #31278) [Link]

This comment is not intended to be an anti-windows slam, but I suspect that the Microsoft folks who count "security vulnerabilities" will count this one as a Linux vulnerability rather than an IE problem that is enabled by a weakness in an application (mediawiki) that happens to run on Linux.

If I'm misreading this, I'm sorry.

mediawiki: cross-site scripting

Posted Aug 12, 2007 12:49 UTC (Sun) by kreutzm (guest, #4700) [Link]

Fixed in Debian prior to release of Etch.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds