Common Vulnerabilities and Exposures assigned an identifier CVE-2010-1647 to the following vulnerability: Name: CVE-2010-1647 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1647 Assigned: 20100429 Reference: MLIST:[MediaWiki-announce] 20100528 MediaWiki security update: 1.15.4 and 1.16.0beta3 Reference: URL: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html Reference: CONFIRM: https://bugzilla.wikimedia.org/show_bug.cgi?id=23687 Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Internet Explorer. Common Vulnerabilities and Exposures assigned an identifier CVE-2010-1648 to the following vulnerability: Name: CVE-2010-1648 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1648 Assigned: 20100429 Reference: MLIST:[MediaWiki-announce] 20100528 MediaWiki security update: 1.15.4 and 1.16.0beta3 Reference: URL: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html Reference: CONFIRM: https://bugzilla.wikimedia.org/show_bug.cgi?id=23371 Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the Special:Userlogin form.
Created mediawiki tracking bugs for this issue Affects: fedora-all [bug 605299]
mediawiki-1.15.4-54.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
mediawiki-1.15.4-54.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.