Published: 12/05/2014 Updated: 13/05/2014

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 allows remote malicious users to inject arbitrary web script or HTML via crafted XSL in an SVG file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mediawiki mediawiki 1.22.0
mediawiki mediawiki 1.21
mediawiki mediawiki 1.21.1
mediawiki mediawiki 1.21.2
mediawiki mediawiki 1.21.3
mediawiki mediawiki 1.19
mediawiki mediawiki 1.19.6
mediawiki mediawiki 1.19.8
mediawiki mediawiki 1.19.0
mediawiki mediawiki 1.19.7
mediawiki mediawiki
mediawiki mediawiki 1.19.1
mediawiki mediawiki 1.19.2
mediawiki mediawiki 1.19.3
mediawiki mediawiki 1.19.4
mediawiki mediawiki 1.19.5

Debian Bug report logs - #742857 mediawiki: login CSRF in Special:ChangePassword Package: mediawiki; Maintainer for mediawiki is Kunal Mehta <legoktm@debianorg>; Source for mediawiki is src:mediawiki (PTS, buildd, popcon) Reported by: Henri Salo <henri@nervfi> Date: Fri, 28 Mar 2014 07:03:01 UTC Severity: importan ...

Several vulnerabilities were discovered in MediaWiki, a wiki engine The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-2031 Cross-site scripting attack via valid UTF-7 encoded sequences in a SVG file CVE-2013-4567 & CVE-2013-4568 Kevin Israel (Wikipedia user PleaseStand) reported two wa ...

CWE-79 http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742857 https://www.debian.org/security/./dsa-2891

CVE-2013-6452

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect