Candidate: CVE-2009-4589
PublicDate: 2010-01-07 18:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4589
 http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-July/000087.html
Description:
 Cross-site scripting (XSS) vulnerability in the Special:Block
 implementation in the getContribsLink function in SpecialBlockip.php in
 MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject arbitrary web
 script or HTML via the ip parameter.
Ubuntu-Description:
Notes:
 mdeslaur> Only versions 1.14.0, 1.15.0 and release candidates are affected
Bugs:
 https://bugzilla.wikimedia.org/show_bug.cgi?id=19693
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_mediawiki:
upstream_mediawiki: released (1.14.1, 1.15.1)
dapper_mediawiki: ignored (reached end-of-life)
hardy_mediawiki: not-affected (1:1.11.2-2ubuntu0.4)
intrepid_mediawiki: not-affected (1:1.12.0-2ubuntu0.4)
jaunty_mediawiki: not-affected (1:1.13.3-1ubuntu2.1)
karmic_mediawiki: not-affected (1:1.15.0-1.1)
devel_mediawiki: not-affected (1:1.15.1-1ubuntu2)