Описание
Cross-site scripting (XSS) vulnerability in pages/TalkpageHistoryView.php in the LiquidThreads (LQT) extension 2.x and possibly 3.x for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to inject arbitrary web script or HTML via a thread subject.
Cross-site scripting (XSS) vulnerability in pages/TalkpageHistoryView.php in the LiquidThreads (LQT) extension 2.x and possibly 3.x for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to inject arbitrary web script or HTML via a thread subject.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2013-4308
- https://bugzilla.wikimedia.org/show_bug.cgi?id=53320
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86891
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html
- http://osvdb.org/96906
- http://seclists.org/oss-sec/2013/q3/553
- http://www.securityfocus.com/bid/62218
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in pages/TalkpageHistoryView.php in the LiquidThreads (LQT) extension 2.x and possibly 3.x for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to inject arbitrary web script or HTML via a thread subject.