Red Hat Bugzilla – Bug 465734
CVE-2008-4408 mediawiki: XSS via the useskin parameter
Last modified: 2016-03-04 06:00:17 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-4408 to the following vulnerability:
Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and
possibly other versions before 1.13.2 allows remote attackers to inject
arbitrary web script or HTML via the useskin parameter to an unspecified
mediawiki-1.13.2-41.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
mediawiki-1.13.2-40.99.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
Why didn't bodhi close this automatically?
Because it treats bugs filed against 'Security Response' product in a special way. Those bugs are used to track security issues across all "products", both Fedora and Red Hat products, so bodhi currently does not have a good way to know if there is still some product where this flaw needs to be addressed. So it's intentional.
This issue was addressed in: