Oval Definition:oval:org.mitre.oval:def:7936
Revision Date:2014-06-23Version:18
Title:DSA-1901 mediawiki1.7 -- several vulnerabilities
Description:Several vulnerabilities have been discovered in mediawiki1.7, a website engine for collaborative work. The Common Vulnerabilities and Exposures project identifies the following problems: David Remahl discovered that mediawiki1.7 is prone to a cross-site scripting attack. David Remahl discovered that mediawiki1.7, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page. David Remahl discovered that mediawiki1.7 is prone to a cross-site request forgery vulnerability in the Special:Import feature. It was discovered that mediawiki1.7 is prone to a cross-site scripting attack in the web-based installer.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2008-5249
CVE-2008-5250
CVE-2008-5252
CVE-2009-0737
DSA-1901
Platform(s):Debian GNU/Linux 4.0
Product(s):mediawiki1.7
Definition Synopsis
  • Debian GNU/Linux 4.0 is installed.
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND mediawiki1.7 is earlier than 1.7.1-9etch1
  • OR Architecture dependent section
  • Supported architectures section
  • Installed architecture is amd64
  • OR Installed architecture is sparc
  • OR Installed architecture is arm
  • OR Installed architecture is i386
  • OR Installed architecture is mips
  • OR Installed architecture is ia64
  • OR Installed architecture is alpha
  • OR Installed architecture is powerpc
  • OR Installed architecture is mipsel
  • OR Installed architecture is hppa
  • AND mediawiki1.7-math is earlier than 1.7.1-9etch1
    • BACK