Oval Definition:	oval:com.ubuntu.trusty:def:20142242000
Revision Date: 2014-03-01 Version: 1 Title: CVE-2014-2242 on Ubuntu 14.04 LTS (trusty) - medium. Description: includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an SVG upload, as demonstrated by use of a W3C XHTML namespace in conjunction with an IFRAME element. Family: unix Class: vulnerability Status: Reference(s): CVE-2014-2242 Platform(s): Ubuntu 14.04 LTS Product(s): Definition Synopsis Ubuntu 14.04 LTS (trusty) is installed. AND NOT While related to the CVE in some way, the 'mediawiki' package in trusty is not affected (note: '1:1.19.14+dfsg-1').
BACK