[Bug 17600] New: Security Vulnerability in Custom Toolbar extension

bugzilla-daemon Sat, 21 Feb 2009 11:28:22 -0800

https://bugzilla.wikimedia.org/show_bug.cgi?id=17600


           Summary: Security Vulnerability in Custom Toolbar extension
           Product: MediaWiki extensions
           Version: any
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: Normal
         Component: Uniwiki
        AssignedTo: [email protected]
        ReportedBy: [email protected]
                CC: [email protected]


In various places within the Uniwiki Custom Toolbar extension, user-supplied
text (either from within pages, messages, or POST\GET data) is injected in to
JavaScript without sanitization - this poses a possible security vulnerability
and would likely cause the extension to malfunction if a quotation mark were
included in any of the pieces of text.

The following lines in CustomToolbar.php are possibly affected: 152, 159, 166,
331, 332, and 333.


-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 17600] New: Security Vulnerability in Custom Toolbar extension

Reply via email to