Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki prior to 1.19.9, 1.20.x prior to 1.20.8, and 1.21.x prior to 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a \b (backspace) character in CSS.
Debian Bug report logs -
mediawiki: login CSRF in Special:ChangePassword
Maintainer for mediawiki is Kunal Mehta <legoktm@debian.org>; Source for mediawiki is src:mediawiki
Reported by: Henri Salo <henri@nerv.fi>
Date: Fri, 28 Mar 2014 07:03:01 UTC
Severity: importan ...
Several vulnerabilities were discovered in MediaWiki, a wiki engine.
The Common Vulnerabilities and Exposures project identifies the following
Cross-site scripting attack via valid UTF-7 encoded sequences in an SVG file
Kevin Israel (Wikipedia user PleaseStand) reported two wa ...