Nick Jenkins | 1 Jun 2006 02:54

User-specified JavaScript execution Vuln with two specific extensions

Hi All,

There is a mouseover user-specified JavaScript execution vulnerability
affecting MediaWiki 1.6.6 when running with two specific extensions.

One of those extensions is installed on the Wikipedia, but the other is
not. Therefore the Wikipedia (and most MediaWiki installations) are
not affected.

Details have been provided to security@... as per the
instructions at: http://www.mediawiki.org/wiki/Security , and will be
made public in due course at: http://nickj.org/MediaWiki

All the best,
Nick.
Brion Vibber | 1 Jun 2006 02:59

Re: User-specified JavaScript execution Vuln with two specific extensions

Nick Jenkins wrote:
> There is a mouseover user-specified JavaScript execution vulnerability
> affecting MediaWiki 1.6.6 when running with two specific extensions.

Specifically this is with the experimental <sort> extension. Nobody should be
using that one just yet, as it's still under development.

-- brion vibber (brion  <at>  pobox.com)

_______________________________________________
Wikitech-l mailing list
Wikitech-l@...
http://mail.wikipedia.org/mailman/listinfo/wikitech-l
