CVE-2014-7295

描述

The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying MediaWiki:Common.css.

受影響套件(2)

• Debian/mediawikifrom 0, < 1:1.19.20+dfsg-1
• Debian/mediawikifrom 0, < 1:1.19.20+dfsg-0+deb7u1

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-7295