Hi All,
There is a Cross-Site-Scripting user-specified arbitrary JavaScript and HTML injection
vulnerability in MediaWiki.
This differs from the XSS vuln noted earlier this month, but the basic concept is the
same: malicious data is injected into a
specific value which is not sanitized / escaped before being echoed back to the user's
browser.
Please note that MediaWiki 1.6 (current stable) does NOT appear to be affected. However
current SVN and the live Wikipedia are
affected by this vulnerability.
No extension need to be installed, and the user does not need to be logged in.
Proof-of-Concept details have been emailed to Brion / Tim / Rob Church; These details will
be released to the public on
http://nickj.org/MediaWiki after a suitable delay.
All the best,
Nick.