Re: CVE request: Mediawiki before 1.19.19, 1.22.11 and 1.23.4 insufficient CSS filtering of SVGs

[Chris Steipp <csteipp () wikimedia org>]

The issue was that javascript could be injected via the css, so basic xss.

On Fri, Sep 26, 2014 at 4:20 AM, Hanno Böck <hanno () hboeck de> wrote:
> Hi,
>
> I know, I know, this is not a "the internet is on fire"-style vuln :-)
>
> However, can we please get a CVE for this:
> https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-September/000161.html
>
> * (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter
>   <style> elements; normalize style elements and attributes before
>   filtering; add checks for attributes that contain css; add unit tests
>   for html5sec and reported bugs.
>
> If anyone wants to discuss if this is a real vulnerability, I think it
> is: Including malicious CSS by less-privileged users could lead to UI
> manipulation which could cause a more-privileged user to do actions
> like giving the less-prived user more privs.
>
>
> Upstream Bug:
> https://bugzilla.wikimedia.org/show_bug.cgi?id=69008
>
> Code commit:
> https://gerrit.wikimedia.org/r/#/c/162777/
>
> Please assign a CVE.
>
> cu,
> --
> Hanno Böck
> http://hboeck.de/
>
> mail/jabber: hanno () hboeck de
> GPG: BBB51E42