Download
| Alert*
DSA-2596-1 mediawiki-extensions -- cross-site scripting
Thorsten Glaser discovered that the RSSReader extension for mediawiki, a website engine for collaborative work, does not properly escape tags in feeds. This could allow a malicious feed to inject JavaScript into the mediawiki pages.
|