Candidate: CVE-2008-5250
PublicDate: 2008-12-19 17:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5250
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508868
Description:
 Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x
 before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and
 uploads are enabled, or an SVG scripting browser is used and SVG uploads
 are enabled, allows remote authenticated users to inject arbitrary web
 script or HTML by editing a wiki page.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_mediawiki:
upstream_mediawiki: released (1:1.13.3-1)
dapper_mediawiki: ignored (reached end-of-life)
gutsy_mediawiki: needed (reached end-of-life)
hardy_mediawiki: released (1:1.11.2-2ubuntu0.2)
intrepid_mediawiki: released (1:1.12.0-2ubuntu0.2)
jaunty_mediawiki: not-affected (1:1.13.3-1)
karmic_mediawiki: not-affected (1:1.13.3-1)
devel_mediawiki: not-affected (1:1.13.3-1)