Bug 695577
Summary: | MediaWiki 1.16.2 Cross-Site Scripting (2) and Access Control Bypass CVE-2011-1578 CVE-2011-1579 CVE-2011-1580 | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Kurt Seifried <kurt> |
Component: | mediawiki | Assignee: | Axel Thimm <axel.thimm> |
Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 14 | CC: | axel.thimm, fche, kurt, smooge, vdanen |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-04-14 02:49:31 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Kurt Seifried
2011-04-12 04:08:11 UTC
> 1) XSS with IE <= 6 due to improper handling of uploaded file names Use CVE-2011-1578 > 2) CSS validation error in wikitext parser Use CVE-2011-1579 > 3) transwiki import neglects to perform access control checks Use CVE-2011-1580 *** This bug has been marked as a duplicate of bug 696360 *** |