Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2008-4408

Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions before 1.13.2 allows remote attackers to inject arbitrary web script or HTML via the useskin parameter to an unspecified component.

Related bugs and status

CVE-2008-4408 (Candidate) is related to these bugs:

Bug #290015: [CVE-2008-4408] XSS attack vulnerability

		In	Importance	Status
290015	[CVE-2008-4408] XSS attack vulnerability	mediawiki (Ubuntu)	Undecided	Invalid
290015	[CVE-2008-4408] XSS attack vulnerability	mediawiki (Ubuntu Hardy)	Undecided	Fix Released
290015	[CVE-2008-4408] XSS attack vulnerability	mediawiki (Ubuntu Intrepid)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2008100...
CONFIRM: http://svn.wikimedia.o...
FEDORA: FEDORA-2008-8639
FEDORA: FEDORA-2008-8678
SECUNIA: 32128
MLIST: [MediaWiki-announce] 2...
CONFIRM: http://svn.wikimedia.o...
BID: 31540
SECUNIA: 32131
VUPEN: ADV-2008-2737
XF: mediawiki-useskin-xss(...