CVE-2008-4408 Information

Feb 14, 2021 cve

Description

Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1 1.12.0 and possibly other versions before 1.13.2 allows remote attackers to inject arbitrary web script or HTML via the useskin parameter to an unspecified component.

Reference

http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-October/000078.html http://openwall.com/lists/oss-security/2008/10/02/3 http://secunia.com/advisories/32128 http://secunia.com/advisories/32131 http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_1/phase3/RELEASE-NOTES http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_2/phase3/RELEASE-NOTES http://www.securityfocus.com/bid/31540 http://www.vupen.com/english/advisories/2008/2737 https://exchange.xforce.ibmcloud.com/vulnerabilities/45632 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00179.html https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00220.html

Share on: