Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2014-2242
Last Modified 15 May 2015 10:00:58
Published 01 Mar 2014 11:57:25
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-2242

Summary

includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an SVG upload, as demonstrated by use of a W3C XHTML namespace in conjunction with an IFRAME element.

Vulnerable Systems

Application

  • Mediawiki 1.1.0

  • Mediawiki 1.10.0

  • Mediawiki 1.10.1

  • Mediawiki 1.10.2

  • Mediawiki 1.10.3

  • Mediawiki 1.10.4

  • Mediawiki 1.11

  • Mediawiki 1.11.0

  • Mediawiki 1.11.1

  • Mediawiki 1.11.2

  • Mediawiki 1.12.0

  • Mediawiki 1.12.1

  • Mediawiki 1.12.2

  • Mediawiki 1.12.3

  • Mediawiki 1.12.4

  • Mediawiki 1.13.0

  • Mediawiki 1.13.1

  • Mediawiki 1.13.2

  • Mediawiki 1.13.3

  • Mediawiki 1.13.4

  • Mediawiki 1.14.0

  • Mediawiki 1.14.1

  • Mediawiki 1.15.0

  • Mediawiki 1.15.1

  • Mediawiki 1.15.2

  • Mediawiki 1.15.3

  • Mediawiki 1.15.4

  • Mediawiki 1.15.5

  • Mediawiki 1.16.0

  • Mediawiki 1.16.1

  • Mediawiki 1.16.2

  • Mediawiki 1.17

  • Mediawiki 1.17.0

  • Mediawiki 1.17.1

  • Mediawiki 1.17.2

  • Mediawiki 1.17.3

  • Mediawiki 1.17.4

  • Mediawiki 1.18

  • Mediawiki 1.18.0

  • Mediawiki 1.18.1

  • Mediawiki 1.18.2

  • Mediawiki 1.18.3

  • Mediawiki 1.19

  • Mediawiki 1.19.0

  • Mediawiki 1.19.1

  • Mediawiki 1.19.10

  • Mediawiki 1.19.11

  • Mediawiki 1.19.2

  • Mediawiki 1.19.3

  • Mediawiki 1.19.4

  • Mediawiki 1.19.5

  • Mediawiki 1.19.6

  • Mediawiki 1.19.7

  • Mediawiki 1.19.8

  • Mediawiki 1.19.9

  • Mediawiki 1.20

  • Mediawiki 1.20.1

  • Mediawiki 1.20.2

  • Mediawiki 1.20.3

  • Mediawiki 1.20.4

  • Mediawiki 1.20.5

  • Mediawiki 1.20.6

  • Mediawiki 1.20.7

  • Mediawiki 1.20.8

  • Mediawiki 1.21

  • Mediawiki 1.21.1

  • Mediawiki 1.21.2

  • Mediawiki 1.21.3

  • Mediawiki 1.21.4

  • Mediawiki 1.21.5

  • Mediawiki 1.22.0

  • Mediawiki 1.22.1

  • Mediawiki 1.22.2


References

CONFIRM - https://gerrit.wikimedia.org/r/#/q/7d923a6b53f7fbcb0cbc3a19797d741bf6f440eb,n,z

CONFIRM - https://bugzilla.wikimedia.org/show_bug.cgi?id=60771

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1071135

MLIST - [oss-security] 20140301 Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release

MLIST - [oss-security] 20140228 CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release

MLIST - [mediawiki-announce] 20140228 MediaWiki Security and Maintenance Releases: 1.22.3, 1.21.6 and 1.19.12

BID - 65910


Last Updated: 27 May 2016 11:04:31