[Bug 25340] Cross-site scripting (XSS) vulnerability in Semantic MediaWiki

bugzilla-daemon Wed, 29 Sep 2010 14:16:50 -0700

https://bugzilla.wikimedia.org/show_bug.cgi?id=25340


Jeroen De Dauw <jeroen_ded...@yahoo.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|Normal                      |High
             Status|NEW                         |ASSIGNED
                 CC|                            |jeroen_ded...@yahoo.com,
                   |                            |mar...@semantic-mediawiki.o
                   |                            |rg
         AssignedTo|mar...@semantic-mediawiki.o |jeroen_ded...@yahoo.com
                   |rg                          |
           Severity|normal                      |major

--- Comment #1 from Jeroen De Dauw <jeroen_ded...@yahoo.com> 2010-09-29 
21:16:31 UTC ---
(In reply to comment #0)
> If you enter:
> 
> <script>alert("CSS Vulnerability");</script>
> 
> into the query window and click on the 'Find results' button, it will pop up 
> an
> alert window the the 'CSS Vulnerability' message.
> 
> This works on all versions of Media wiki and the semantic extensions I have
> tried.
> Works in both Firefox and IE.

Thanks for pointing this out. I will be fixing this today, and make a new SMW
release soon afterwards.

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 25340] Cross-site scripting (XSS) vulnerability in Semantic MediaWiki

Reply via email to