[Bug 25340] New: Cross Site Scripting Vulnerability

bugzilla-daemon Mon, 27 Sep 2010 12:54:09 -0700

https://bugzilla.wikimedia.org/show_bug.cgi?id=25340


           Summary: Cross Site Scripting Vulnerability
           Product: MediaWiki extensions
           Version: any
          Platform: All
               URL: http://semantic-mediawiki.org/wiki/Special:Ask
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: Normal
         Component: Semantic MediaWiki
        AssignedTo: mar...@semantic-mediawiki.org
        ReportedBy: david.pa...@commercebank.com


If you enter:

<script>alert("CSS Vulnerability");</script>

into the query window and click on the 'Find results' button, it will pop up an
alert window the the 'CSS Vulnerability' message.

This works on all versions of Media wiki and the semantic extensions I have
tried.
Works in both Firefox and IE.

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 25340] New: Cross Site Scripting Vulnerability

Reply via email to