SemanticMediaWiki / SemanticResultFormats

Provides additional visualizations (result formats) for Semantic MediaWiki
https://www.semantic-mediawiki.org/wiki/Extension:Semantic_Result_Formats

[Exhibit format] Vulnerable jQuery implementation (CVE-2012-6708) #765

Closed infecticide closed 1 year ago

infecticide commented 1 year ago

Issue

Greenbone security scanner (OpenVAS) has detected an outdated jQuery library that is vulnerable to XSS attacks.

CVE-2012-6708

File detected: /var/www/redacted/mediawiki-1.37.2/extensions/SemanticResultFormats/formats/Exhibit/ajax/scripts/jquery-1.3.2.min.js

Steps to reproduce the observation (recommendation is to use the sandbox): Run an authenticated OpenVAS scan against a web server containing MediaWiki with the SemanticWiki extensions.

malberts commented 1 year ago

The error suggests this is in https://github.com/SemanticMediaWiki/SemanticResultFormats, not SemanticMediaWiki.

infecticide commented 1 year ago

Sorry, I assumed that since that extension comes with the source it was part of this repo. I see now that this belongs elsewhere.

kghbln commented 1 year ago

We have the option to transfer an issue within the organization. I assume that it is still an issue, thus reopening.

infecticide commented 1 year ago

After closing this and searching over here instead, I see that the Exhibit report format is disabled by default and is actually being removed from future versions due to this same issue.

See #448

infecticide commented 1 year ago

To mitigate this for now, I have deleted the "SemanticResultFormats/formats/Exhibit" directory from my installation.
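An added example (not code from this thread or from the SemanticResultFormats project) that does the inventory step behind the finding above in a repeatable way: it walks a MediaWiki tree, reads the version of every bundled jQuery copy from its filename or banner comment, and flags anything older than 1.9.0, the first release not affected by CVE-2012-6708. The Exhibit path is the one reported in this issue; the second file in the constructed sample tree (resources/lib/jquery/jquery.js at v3.6.0) is an assumption used only to show a non-vulnerable copy being skipped.

```python
# Added example: audit a MediaWiki tree for bundled jQuery copies older than
# 1.9.0 (CVE-2012-6708). Sample paths and stub file contents are constructed.
import re
import tempfile
from pathlib import Path

FIXED_IN = (1, 9, 0)  # CVE-2012-6708 affects jQuery releases before 1.9.0
_NAME_RE = re.compile(r"jquery-(\d+\.\d+(?:\.\d+)?)(?:\.min)?\.js$", re.I)
_BANNER_RE = re.compile(r"jQuery(?: JavaScript Library)? v(\d+\.\d+(?:\.\d+)?)")

def parse_version(text):
    """'1.3.2' -> (1, 3, 2); pad short versions so tuples compare cleanly."""
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))

def jquery_version(path):
    """Version from the filename (jquery-1.3.2.min.js) or the banner comment."""
    m = _NAME_RE.search(path.name)
    if not m:
        m = _BANNER_RE.search(path.read_text(encoding="utf-8", errors="replace")[:2048])
    return parse_version(m.group(1)) if m else None

def is_vulnerable(version):
    return version < FIXED_IN

def audit(root):
    """Return sorted (relative path, version) pairs for vulnerable jQuery files."""
    root = Path(root)
    findings = []
    for path in root.rglob("*.js"):
        if "jquery" not in path.name.lower():
            continue
        version = jquery_version(path)
        if version is not None and is_vulnerable(version):
            findings.append((path.relative_to(root).as_posix(), ".".join(map(str, version))))
    return sorted(findings)

def demo():
    """Build a constructed tree mirroring the reported path and audit it."""
    root = Path(tempfile.mkdtemp())
    old = root / "extensions/SemanticResultFormats/formats/Exhibit/ajax/scripts/jquery-1.3.2.min.js"
    old.parent.mkdir(parents=True)
    old.write_text("/* jQuery JavaScript Library v1.3.2 */")  # constructed stub
    new = root / "resources/lib/jquery/jquery.js"  # constructed: version only in banner
    new.parent.mkdir(parents=True)
    new.write_text("/*! jQuery v3.6.0 | (c) OpenJS Foundation */")  # constructed stub
    return audit(root)

if __name__ == "__main__":
    print(demo())
```

Point `audit()` at a real installation root (for example the mediawiki-1.37.2 directory above) to list every vulnerable copy before deciding which extension directories to remove or update.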

kghbln commented 1 year ago

Ah, exhibit. I should have seen this. Thanks!