CVE-2013-4567 — Cross-site Scripting in Mediawiki

9 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.5%

top 36.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediawiki Debian Mediawiki

Timeline

PublishedDec 13

Latest updateMay 17

Description

Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a \b (backspace) character in CSS.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/mediawiki< mediawiki 1:1.19.8+dfsg-2.2 (bookworm)

▶Debianmediawiki/mediawiki< 1:1.19.8+dfsg-2.2+3

▶NVDmediawiki/mediawiki1.19.8+20

🔴Vulnerability Details

GHSA

GHSA-r328-753q-m689: Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1↗2022-05-17

▶

OSV

CVE-2013-4567: Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1↗2013-12-13

▶

📋Vendor Advisories

Debian

CVE-2013-4567: mediawiki - Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1....↗2013

▶

💬Community

Bugzilla

CVE-2013-4568 CVE-2013-4572 CVE-2013-4567 mediawiki119: mediawiki: security releases 1.21.3, 1.20.8, and 1.19.9 [epel-6]↗2013-11-15

▶

Bugzilla

CVE-2013-4568 CVE-2013-4572 CVE-2013-4567 mediawiki: security releases 1.21.3, 1.20.8, and 1.19.9 [epel-5]↗2013-11-15

▶

Bugzilla

CVE-2013-4568 CVE-2013-4572 CVE-2013-4567 mediawiki: security releases 1.21.3, 1.20.8, and 1.19.9 [fedora-all]↗2013-11-15

▶

Bugzilla

CVE-2013-4567 CVE-2013-4568 CVE-2013-4572 mediawiki: security releases 1.21.3, 1.20.8, and 1.19.9↗2013-11-15

▶

Bugzilla

CVE-2013-4568 CVE-2013-4572 CVE-2013-4567 mediawiki119: mediawiki: security releases 1.21.3, 1.20.8, and 1.19.9 [fedora-18]↗2013-11-15

▶