FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mediawiki -- hardcoded placeholder string security bypass vulnerability

Affected packages
mediawiki < 1.5.4


VuXML ID 99015cf5-c4dd-11da-b2fb-000e0c2e438a
Discovery 2005-12-22
Entry 2006-04-05

The mediawiki development team reports a vulnerability within the mediawiki application. The vulnerability is caused by improper checking of inline style attributes. This could result in the execution of arbitrary javascript code in Microsoft Internet Explorer. It appears that other browsers are not affected by this vulnerability.


Bugtraq ID 16032
CVE Name CAN-2005-4501