vulnerability

MediaWiki: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2013-6451)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Jan 28, 2020	Feb 3, 2020	May 25, 2022

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Jan 28, 2020

Added

Feb 3, 2020

Modified

May 25, 2022

Description

Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values.

Solutions

mediawiki-upgrade-1_19_10mediawiki-upgrade-1_21_4mediawiki-upgrade-1_22_1

References

CVE-2013-6451
https://attackerkb.com/topics/CVE-2013-6451
URL-http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today