oss-sec mailing list archives
Re: CVE request: Mediawiki before 1.19.19, 1.22.11 and 1.23.4 insufficient CSS filtering of SVGs
From: Chris Steipp <csteipp () wikimedia org>
Date: Fri, 26 Sep 2014 09:13:26 -0700
The issue was that javascript could be injected via the css, so basic xss. On Fri, Sep 26, 2014 at 4:20 AM, Hanno Böck <hanno () hboeck de> wrote:
Hi, I know, I know, this is not a "the internet is on fire"-style vuln :-) However, can we please get a CVE for this: https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-September/000161.html * (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style> elements; normalize style elements and attributes before filtering; add checks for attributes that contain css; add unit tests for html5sec and reported bugs. If anyone wants to discuss if this is a real vulnerability, I think it is: Including malicious CSS by less-privileged users could lead to UI manipulation which could cause a more-privileged user to do actions like giving the less-prived user more privs. Upstream Bug: https://bugzilla.wikimedia.org/show_bug.cgi?id=69008 Code commit: https://gerrit.wikimedia.org/r/#/c/162777/ Please assign a CVE. cu, -- Hanno Böck http://hboeck.de/ mail/jabber: hanno () hboeck de GPG: BBB51E42
Current thread:
- CVE request: Mediawiki before 1.19.19, 1.22.11 and 1.23.4 insufficient CSS filtering of SVGs Hanno Böck (Sep 26)
- Re: CVE request: Mediawiki before 1.19.19, 1.22.11 and 1.23.4 insufficient CSS filtering of SVGs Chris Steipp (Sep 26)
- Re: CVE request: Mediawiki before 1.19.19, 1.22.11 and 1.23.4 insufficient CSS filtering of SVGs cve-assign (Sep 26)