> > == Security fixes in 1.24.1, 1.23.8, 1.22.15 and 1.19.23 ==
> * (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML,
> which could lead to xss. Permission to edit MediaWiki namespace is required
> to exploit this.

Really? That's stretching the definition of a security bug. (Remember that mediawiki:copyright is a raw html message, that's included on many more pages. Not to mention the whole MediaWiki:Common.js thing)

--bawolff
