CVE-2007-4828 Information

Description

Cross-site scripting (XSS) vulnerability in the API pretty-printing mode in MediaWiki 1.8.0 through 1.8.4 1.9.0 through 1.9.3 1.10.0 through 1.10.1 and the 1.11 development versions before 1.11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Reference

http://fedoranews.org/updates/FEDORA-2007-218.shtml http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-September/000067.html http://secunia.com/advisories/26772 http://secunia.com/advisories/26870 http://www.securityfocus.com/bid/25632 http://www.vupen.com/english/advisories/2007/3130 https://bugzilla.redhat.com/show_bug.cgi?id=287881 https://exchange.xforce.ibmcloud.com/vulnerabilities/36558