https://bugzilla.wikimedia.org/show_bug.cgi?id=24199

Jan Schejbal <jan-bugrep...@gmx.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|Low                         |Normal
                 CC|                            |jan-bugrep...@gmx.de
           Severity|enhancement                 |critical

--- Comment #8 from Jan Schejbal <jan-bugrep...@gmx.de> 2012-08-08 00:34:12 UTC ---
I was able to perform XSS on revision 72454 and have no reason to believe this
wouldn't work with current versions. I do not want to publicly disclose the
exploit. That $wgRawHtml hack really needs to go away. Setting such a global
variable and never changing it back (!) sounds like a great way to cause nasty
security issues everywhere.

I have set severity=critical, priority=normal, please correct it if that was
wrong.

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
