[FEDORA-2014-17228] Fedora 20: mediawiki
Severity
High
Affected Packages
1
CVEs
8
- (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which could lead to XSS. Permission to edit MediaWiki namespace is required to exploit this.
- (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as part of its name.
- (bug T74222) The original patch for T74222 was reverted as unnecessary.
Package | Affected Version |
---|---|
pkg:rpm/fedora/mediawiki?distro=fedora-20 | < 1.23.8.1.fc20 |
- ID
- FEDORA-2014-17228
- Severity
- high
- Severity from
- CVE-2013-6453
- URL
- https://bodhi.fedoraproject.org/updates/FEDORA-2014-17228
- Published
- 2014-12-29T10:04:19
- Modified
- 2014-12-29T10:04:19
- Rights
- Copyright 2014 Red Hat, Inc.
- Other Advisories
- DSA-2891-1
- DSA-3046-1
- FEDORA-2014-11582
- FEDORA-2014-11727
- FEDORA-2014-12155
- FEDORA-2014-12262
- FEDORA-2014-12263
- FEDORA-2014-16020
- FEDORA-2014-16033
- FEDORA-2014-17264
- FEDORA-2014-1745
- FEDORA-2014-1802
- FEDORA-2014-3338
- FEDORA-2014-3344
- FEDORA-2014-4478
- FEDORA-2014-4511
- FEDORA-2014-5684
- FEDORA-2014-5691
- FEDORA-2014-6961
- FEDORA-2014-6962
- FEDORA-2014-7779
- FEDORA-2014-7805
- FEDORA-2014-9548
- FEDORA-2014-9583
- FEDORA-2015-5569
- GLSA-201502-04
Source | # ID | Name | URL |
---|---|---|---|
Bugzilla | 1175828 | Bug #1175828 - mediawiki: multiple vulnerabilities | https://bugzilla.redhat.com/show_bug.cgi?id=1175828 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/fedora/mediawiki?distro=fedora-20 | fedora | mediawiki | < 1.23.8.1.fc20 | fedora-20 | | |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Publication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|