Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2014-2242

Опубликовано: 02 мар. 2014
Источник: ubuntu
Приоритет: medium
CVSS2: 4.3

Описание

includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an SVG upload, as demonstrated by use of a W3C XHTML namespace in conjunction with an IFRAME element.

РелизСтатусПримечание
devel

not-affected

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was not-affected [1:1.19.14+dfsg-1]]
lucid

ignored

end of life
precise

ignored

end of life
precise/esm

DNE

precise was needs-triage
quantal

ignored

end of life
saucy

ignored

end of life
trusty

not-affected

1:1.19.14+dfsg-1
trusty/esm

DNE

trusty was not-affected [1:1.19.14+dfsg-1]
upstream

released

1.19.12

Показывать по

Ссылки на источники

4.3 Medium

CVSS2

Связанные уязвимости

nvd логотип

CVE-2014-2242

nvd
почти 12 лет назад

includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an SVG upload, as demonstrated by use of a W3C XHTML namespace in conjunction with an IFRAME element.

debian логотип

CVE-2014-2242

debian
почти 12 лет назад

includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and ...

github логотип

GHSA-xvhv-fm6p-g8q4

github
больше 3 лет назад

includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an SVG upload, as demonstrated by use of a W3C XHTML namespace in conjunction with an IFRAME element.

4.3 Medium

CVSS2