LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

mediawiki: multiple vulnerabilities

Package(s):mediawiki CVE #(s):CVE-2010-2789 CVE-2011-0537 CVE-2012-1578 CVE-2012-1579 CVE-2012-1580 CVE-2012-1581 CVE-2012-1582
Created:June 22, 2012 Updated:June 27, 2012
Description:

From the Gentoo advisory:

MediaWiki allows remote attackers to bypass authentication, to perform imports from any wgImportSources wiki via a crafted POST request, to conduct cross-site scripting (XSS) attacks or obtain sensitive information, to inject arbitrary web script or HTML, to conduct clickjacking attacks, to execute arbitrary PHP code, to inject arbitrary web script or HTML, to bypass intended access restrictions and to obtain sensitive information.

Alerts:
Gentoo 201206-09 2012-06-21
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds