Javascript Security Exploit
Closed, Resolved; Public

Description

Author: naconk

Description:
(copied from email)
Hi All,

Second MediaWiki 1.6.5 JavaScript Execution Vulnerability in the Parser.

Unlike the previous one, this one affects the live Wikipedia too (i.e.
tidy does not prevent it).

Vuln is here: http://nickj.org/MediaWiki/Parser25
And also on the wikipedia here:
http://en.wikipedia.org/wiki/User:Nickj/JS-vuln-2

And the full list of Parser problems is here: http://nickj.org/MediaWiki
(Anything with yellow or red in the "Security aspects?" column is a
potential or actual JS execution problem, respectively; everything
else is an HTML validation problem).

All the best,
Nick.


Version: unspecified
Severity: critical
OS: Windows XP
URL: http://en.wikipedia.org/wiki/User:Nickj/JS-vuln-2

Details

Reference
bz6055

Event Timeline

bzimport raised the priority of this task from to High. (Nov 21 2014, 9:19 PM)
bzimport set Reference to bz6055.
bzimport added a subscriber: Unknown Object (MLST).