[Bug 25340] Cross-site scripting (XSS) vulnerability in Semantic MediaWiki

bugzilla-daemon Wed, 29 Sep 2010 15:44:25 -0700

https://bugzilla.wikimedia.org/show_bug.cgi?id=25340


Jeroen De Dauw <jeroen_ded...@yahoo.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED

--- Comment #2 from Jeroen De Dauw <jeroen_ded...@yahoo.com> 2010-09-29 
22:44:18 UTC ---
(In reply to comment #0)
> If you enter:
> 
> <script>alert("CSS Vulnerability");</script>
> 
> into the query window and click on the 'Find results' button, it will pop up 
> an
> alert window the the 'CSS Vulnerability' message.
> 
> This works on all versions of Media wiki and the semantic extensions I have
> tried.
> Works in both Firefox and IE.

It looks like this vulnerability has already been fixed. I can not reproduce it
using the latest SMW. I'm not sure, but suspect I fixed it in 1.5. What version
are you using?

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 25340] Cross-site scripting (XSS) vulnerability in Semantic MediaWiki

Reply via email to