Candidate: CVE-2008-4408
PublicDate: 2008-10-03 17:41:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4408
Description:
 Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and
 possibly other versions before 1.13.2 allows remote attackers to inject
 arbitrary web script or HTML via the useskin parameter to an unspecified
 component.
Ubuntu-Description:
Notes:
 jdstrand> per laney, Dapper and Gutsy have different code
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/mediawiki/+bug/290015
Priority: medium
Discovered-by:
Assigned-to: laney
CVSS: 

Patches_mediawiki:
 debdiff: https://bugs.launchpad.net/ubuntu/+source/mediawiki/+bug/290015
upstream_mediawiki: released (1:1.13.2-1)
dapper_mediawiki: not-affected
feisty_mediawiki: needed (reached end-of-life)
gutsy_mediawiki: not-affected
hardy_mediawiki: released (1:1.11.2-2ubuntu0.1)
intrepid_mediawiki: released (1:1.12.0-2ubuntu0.1)
devel_mediawiki: not-affected (1:1.13.2-1)