vulnerability

MediaWiki: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2013-1951)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Oct 31, 2019	Dec 3, 2019	May 25, 2022

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Oct 31, 2019

Added

Dec 3, 2019

Modified

May 25, 2022

Description

A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names.

Solutions

mediawiki-upgrade-1_19_5mediawiki-upgrade-1_20_4

References

CVE-2013-1951
https://attackerkb.com/topics/CVE-2013-1951
URL-http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104022.html
URL-http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104027.html
URL-http://security.gentoo.org/glsa/glsa-201310-21.xml
URL-http://www.openwall.com/lists/oss-security/2013/04/16/12
URL-http://www.securityfocus.com/bid/59077
URL-https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-1951
URL-https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1951
URL-https://phabricator.wikimedia.org/T48084
URL-https://security-tracker.debian.org/tracker/CVE-2013-1951

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today