CVE-2013-1951Cross-site Scripting in Mediawiki

CWE-79Cross-site Scripting9 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
2.0%
top 16.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
MediawikiDebian MediawikiIkimedia Foundation Mediawiki+1 more
Timeline
PublishedOct 31
Latest updateMay 5

Description

A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

debiandebian/mediawiki< mediawiki 1:1.19.5-1 (bookworm)
NVDmediawiki/mediawiki1.20.01.20.4+1
Debianmediawiki/mediawiki< 1:1.19.5-1+3
CVEListV5ikimedia_foundation/mediawikibefore 1.19.5 and 1.20.x before 1.20.4

Also affects: Debian Linux 10.0, 9.0

🔴Vulnerability Details

2
GHSA
GHSA-6f76-xp7g-326v: A cross-site scripting (XSS) vulnerability in MediaWiki before 12022-05-05
OSV
CVE-2013-1951: A cross-site scripting (XSS) vulnerability in MediaWiki before 12019-10-31

📋Vendor Advisories

1
Debian
CVE-2013-1951: mediawiki - A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x...2013

💬Community

5
Bugzilla
CVE-2013-1951 mediawiki various flaws [epel-5]2013-04-18
Bugzilla
CVE-2013-1951 mediawiki116 various flaws [epel-all]2013-04-18
Bugzilla
CVE-2013-1951 mediawiki: security releases 1.20.4 and 1.19.52013-04-18
Bugzilla
CVE-2013-1951 mediawiki: security releases 1.20.4 and 1.19.5 [fedora-all]2013-04-18
Bugzilla
CVE-2013-1951 mediawiki: security releases 1.20.4 and 1.19.5 [epel-6]2013-04-18
CVE-2013-1951 — Cross-site Scripting in Mediawiki | cvebase