Your submission was sent successfully! Close

CVE-2011-1578

Published: 27 April 2011

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character.

Priority

Medium

Status

Package Release Status
mediawiki
Launchpad, Ubuntu, Debian
Upstream
Released (1.16.3)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [1:1.19.2-1])
Patches:
Vendor: http://www.debian.org/security/2011/dsa-2366