Multiple DOM-based cross-site scripting (XSS) flaws were found in the way MediaWiki, a wiki engine, performed filtering of the uselang parameter. When JavaScript gadgets were used, a remote attacker could provide a specially-crafted URL that, when visited, would lead to arbitrary HTML or web script execution.

References:
[1] http://www.gossamer-threads.com/lists/wiki/mediawiki/295767

Upstream bug:
[2] https://bugzilla.wikimedia.org/show_bug.cgi?id=37587

Relevant upstream patch:
[3] https://gerrit.wikimedia.org/r/#/c/13336/
This issue affects the versions of the mediawiki package, as shipped with Fedora releases 16 and 17. Please schedule an update.

--

This issue did NOT affect the version of the mediawiki package, as shipped with Fedora EPEL 5.
CVE request: http://www.openwall.com/lists/oss-security/2012/08/31/6
Created mediawiki tracking bugs for this issue

Affects: fedora-all [bug 853446]
The CVE identifier of CVE-2012-4378 has been assigned to this issue: http://www.openwall.com/lists/oss-security/2012/08/31/10