1. Home
  2. Security Advisories
  3. Fedora
  4. FEDORA-2014-17228

[FEDORA-2014-17228] Fedora 20: mediawiki

Severity High
Affected Packages 1
CVEs 8
Info Packages References Vulnerabilities
  • (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which could lead to xss. Permission to edit MediaWiki namespace is required to exploit this.\r\n* (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as part of its name.\r\n* (bug T74222) The original patch for T74222 was reverted as unnecessary.\r\n
Package Affected Version
pkg:rpm/fedora/mediawiki?distro=fedora-20 < 1.23.8.1.fc20
ID
FEDORA-2014-17228
Severity
high
Severity from
CVE-2013-6453
URL
https://bodhi.fedoraproject.org/updates/FEDORA-2014-17228
Published
2014-12-29T10:04:19
(9 years ago)
Modified
2014-12-29T10:04:19
(9 years ago)
Rights
Copyright 2014 Red Hat, Inc.
Other Advisories
Source # ID Name URL
Bugzilla 1175828 Bug #1175828 - mediawiki: multiple vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=1175828
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/fedora/mediawiki?distro=fedora-20 fedora mediawiki < 1.23.8.1.fc20 fedora-20
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date