FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mediawiki -- hardcoded placeholder string security bypass vulnerability

Affected packages
mediawiki < 1.5.4

Details

VuXML ID 99015cf5-c4dd-11da-b2fb-000e0c2e438a
Discovery 2005-12-22
Entry 2006-04-05

The MediaWiki development team reports a vulnerability in the MediaWiki application, caused by improper checking of inline style attributes. This could result in the execution of arbitrary JavaScript code in Microsoft Internet Explorer. It appears that other browsers are not affected by this vulnerability.

References

Bugtraq ID 16032
CVE Name CAN-2005-4501
URL http://sourceforge.net/project/shownotes.php?release_id=379951