CVE-2013-4567

Published: 13/12/2013 Updated: 31/12/2016
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki prior to 1.19.9, 1.20.x prior to 1.20.8, and 1.21.x prior to 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a \b (backspace) character in CSS.

Affected Products

Vendor: Mediawiki
Product: Mediawiki
Versions: 1.19, 1.19.0, 1.19.1, 1.19.2, 1.19.3, 1.19.4, 1.19.5, 1.19.6, 1.19.7, 1.19.8, 1.20, 1.20.1, 1.20.2, 1.20.3, 1.20.4, 1.20.5, 1.20.6, 1.20.7, 1.21, 1.21.1, 1.21.2

Vendor Advisories

Debian Bug report logs - #729629
mediawiki: CVE-2013-4567, CVE-2013-4568 and CVE-2013-4572
Package: mediawiki; Maintainer for mediawiki is Kunal Mehta <legoktm@debian.org>; Source for mediawiki is src:mediawiki
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 15 Nov 2013 08:06:02 ...

Debian Bug report logs - #742857
mediawiki: login CSRF in Special:ChangePassword
Package: mediawiki; Maintainer for mediawiki is Kunal Mehta <legoktm@debian.org>; Source for mediawiki is src:mediawiki
Reported by: Henri Salo <henri@nerv.fi>
Date: Fri, 28 Mar 2014 07:03:01 UTC
Severity: importan ...

Several vulnerabilities were discovered in MediaWiki, a wiki engine. The Common Vulnerabilities and Exposures project identifies the following issues:
CVE-2013-2031: Cross-site scripting attack via valid UTF-7 encoded sequences in a SVG file.
CVE-2013-4567 & CVE-2013-4568: Kevin Israel (Wikipedia user PleaseStand) reported two wa ...