Upstream information
Description
Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.NVD CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Novell/SUSE information
Novell Bugzilla entry: 247333 SUSE Security Advisories:- SUSE-SR:2007:006, published Fri, 13 Apr 2007 18:00:00 +0000
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| openSUSE 10.2 |
|