https://bugzilla.wikimedia.org/show_bug.cgi?id=34257
--- Comment #7 from Roan Kattouw <[email protected]> 2012-04-12 06:46:32 UTC ---
(In reply to comment #6)
> Mediawiki correctly issued a message saying that "<script>somescript" is an
> invalid language code but the vulnerability scanner falsely interpreted the
> echoed message as a positive injection.

Confirmed that this is a false positive. The Content-Type of the response is text/javascript, the injected text is wrapped in a comment, and injection of "*/" is protected against. Tested in Chromium and IE.
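
The protection described in the comment above, as an added example that is not part of the original message and is not MediaWiki's own code: an echoed error message is placed inside a JavaScript block comment, and the hardened version breaks up any "*/" so the text cannot close the comment early. The function names, the `* /` replacement and the sample input are assumptions made for illustration.

```javascript
'use strict';

// Naive form: echoes the message into a block comment unchanged.
function naiveComment(text) {
  return '/*\n' + text + '\n*/\n';
}

// Hardened form: split every comment terminator in the echoed text.
function safeComment(text) {
  return '/*\n' + String(text).replace(/\*\//g, '* /') + '\n*/\n';
}

// The response a script endpoint would send: JavaScript content type,
// and a body that consists of nothing but the comment.
function errorResponse(message, commentFn) {
  return {
    headers: { 'Content-Type': 'text/javascript; charset=utf-8' },
    body: commentFn(message),
  };
}

// Evaluates the body as JavaScript and reports whether any statement ran.
// The marker object is the only thing the evaluated body can touch here.
function bodyExecutesCode(body) {
  const sandbox = { hit: false };
  try {
    new Function('sandbox', body)(sandbox);
  } catch (e) {
    // A syntax error means nothing executed.
  }
  return sandbox.hit;
}

// Constructed sample: an invalid language code that contains markup and
// a comment terminator followed by a harmless marker assignment.
const SAMPLE_CODE = '<script>somescript*/ sandbox.hit = true; /*';
const SAMPLE_MESSAGE = 'Invalid language code "' + SAMPLE_CODE + '"';

function demo() {
  const naive = errorResponse(SAMPLE_MESSAGE, naiveComment);
  const safe = errorResponse(SAMPLE_MESSAGE, safeComment);
  return {
    naiveRuns: bodyExecutesCode(naive.body),
    safeRuns: bodyExecutesCode(safe.body),
    safeBody: safe.body,
  };
}
```

A scanner that only looks for its payload string in the response sees `<script>somescript` in both bodies; whether the echoed text can leave the comment is what separates a real finding from a false positive.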
