A stored cross-site scripting (XSS) flaw was found in the way MediaWiki, a wiki engine, sanitized comments when a File::link tag to a non-existent image was rendered. A remote attacker could provide a specially-crafted URL that, when visited, would lead to arbitrary HTML or web script injection.
Upstream patch against the 1.19 version:
Upstream patch against the 1.18 version:
This issue affects the versions of the mediawiki package, as shipped with Fedora releases 16 and 17. Please schedule an update.
This issue did NOT affect the version of the mediawiki package, as shipped with Fedora EPEL 5.
Created mediawiki tracking bugs for this issue
Affects: fedora-all [bug 853446]
The CVE identifier of CVE-2012-4377 has been assigned to this issue: