Candidate: CVE-2014-3966
PublicDate: 2014-06-06 14:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3966
 https://bugzilla.wikimedia.org/show_bug.cgi?id=65501
Description:
 Cross-site scripting (XSS) vulnerability in Special:PasswordReset in
 MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7,
 when wgRawHtml is enabled, allows remote attackers to inject arbitrary web
 script or HTML via an invalid username.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750527
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_mediawiki:
upstream_mediawiki: released (1.19.16)
lucid_mediawiki: ignored (reached end-of-life)
precise_mediawiki: ignored (reached end-of-life)
precise/esm_mediawiki: DNE (precise was needs-triage)
saucy_mediawiki: ignored (reached end-of-life)
trusty_mediawiki: ignored (reached end-of-life)
trusty/esm_mediawiki: DNE (trusty was needed)
utopic_mediawiki: ignored (reached end-of-life)
vivid_mediawiki: ignored (reached end-of-life)
vivid/stable-phone-overlay_mediawiki: DNE
vivid/ubuntu-core_mediawiki: DNE
wily_mediawiki: ignored (reached end-of-life)
xenial_mediawiki: DNE
yakkety_mediawiki: ignored (reached end-of-life)
zesty_mediawiki: ignored (reached end-of-life)
artful_mediawiki: ignored (reached end-of-life)
bionic_mediawiki: not-affected (1:1.19.16+dfsg-1)
cosmic_mediawiki: not-affected (1:1.19.16+dfsg-1)
disco_mediawiki: not-affected (1:1.19.16+dfsg-1)
devel_mediawiki: not-affected (1:1.19.16+dfsg-1)