Red Hat Bugzilla – Bug 620225
CVE-2010-2788 MediaWiki (< v1.15.5, v1.16.0): XSS in profileinfo.php
Last modified: 2016-03-04 06:08:03 EST
MediaWiki upstream has released:
v1.16.0 and v.1.15.5 versions of MediaWiki, addressing the following XSS flaw (from ):
A cross-site scripting (XSS) vulnerability was discovered in
profileinfo.php. The vulnerability is only exposed when the script is
explicitly enabled in LocalSettings.php, with $wgEnableProfileInfo = true.
This issue affects the versions of the mediawiki package, as shipped
with Fedora release of 12 and 13.
Created mediawiki tracking bugs for this issue
Affects: fedora-all [bug 620226]