|
Message-ID: <CAKcmtDxDbo+kGrrz_8XTJqwwQb3XvjZm36zfCutBgogczQNyGw@mail.gmail.com> Date: Fri, 26 Sep 2014 09:13:26 -0700 From: Chris Steipp <csteipp@...imedia.org> To: oss-security@...ts.openwall.com Subject: Re: CVE request: Mediawiki before 1.19.19, 1.22.11 and 1.23.4 insufficient CSS filtering of SVGs The issue was that javascript could be injected via the css, so basic xss. On Fri, Sep 26, 2014 at 4:20 AM, Hanno Böck <hanno@...eck.de> wrote: > Hi, > > I know, I know, this is not a "the internet is on fire"-style vuln :-) > > However, can we please get a CVE for this: > https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-September/000161.html > > * (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter > <style> elements; normalize style elements and attributes before > filtering; add checks for attributes that contain css; add unit tests > for html5sec and reported bugs. > > If anyone wants to discuss if this is a real vulnerability, I think it > is: Including malicious CSS by less-privileged users could lead to UI > manipulation which could cause a more-privileged user to do actions > like giving the less-prived user more privs. > > > Upstream Bug: > https://bugzilla.wikimedia.org/show_bug.cgi?id=69008 > > Code commit: > https://gerrit.wikimedia.org/r/#/c/162777/ > > Please assign a CVE. > > cu, > -- > Hanno Böck > http://hboeck.de/ > > mail/jabber: hanno@...eck.de > GPG: BBB51E42
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.