Bug 105841 (CVE-2005-2396) - VUL-0: CVE-2005-2396: mediawiki problem in 1.4.6 ?
Summary: VUL-0: CVE-2005-2396: mediawiki problem in 1.4.6 ?
Status: RESOLVED FIXED
Alias: CVE-2005-2396
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other All
: P5 - None : Normal
Target Milestone: ---
Assignee: Marcus Meissner
QA Contact: Security Team bot
Whiteboard: CVE-2005-2396: CVSS v2 Base Score: 4....
Reported: 2005-08-19 13:40 UTC by Marcus Meissner
Modified: 2021-11-10 14:50 UTC

Found By: Other
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Marcus Meissner 2005-08-19 13:40:14 UTC
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2396 
 
has 
 
Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and earlier allows 
remote attackers to inject arbitrary web script or HTML via a parameter to the 
page move template. 
 
Did we fix this already?
Comment 1 Sebastian Krahmer 2005-08-23 11:24:25 UTC
Petr?
Comment 2 Petr Ostadal 2005-08-23 15:00:11 UTC
Anicka made last security fix for mediawiki (now she has vacation), but in
changelog of php (on SL9.3) is written that she backported security bugs from
1.4.5 and 1.4.6. That means we have to fixed this bug.
Comment 3 Vladimir Nadvornik 2005-08-24 13:21:46 UTC
1.4.7 is affected too. It is fixed in 1.4.8. I will submit fixed packages.
Comment 4 Vladimir Nadvornik 2005-08-24 14:52:34 UTC
Fixed packages for 9.3 and STABLE are submitted.
Comment 5 Marcus Meissner 2005-08-25 13:15:55 UTC
SWAMP 2130 
 
patchinfos submitted 
Comment 6 Marcus Meissner 2005-08-29 13:32:57 UTC
Vladimir, can you please unbreak the build? 
 
mediawiki: "/srv/www/htdocs/mediawiki/includes/ChangesList.php.orig" is not allowed anymore in SuSE Linux.
mediawiki: "/srv/www/htdocs/mediawiki/includes/Parser.php.orig" is not allowed anymore in SuSE Linux.
 
Comment 7 Vladimir Nadvornik 2005-08-29 15:58:51 UTC
sorry, fixed package is submitted.
Comment 8 Marcus Meissner 2005-09-01 08:53:54 UTC
released this one. 
Comment 9 Thomas Biege 2009-10-13 20:43:54 UTC
CVE-2005-2396: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)