CVE-2013-4568: Cross-site Scripting in Mediawiki

10 documents, 5 sources
Severity
4.3 MEDIUM (NVD)
EPSS
0.5%
top 34.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Dec 13
Latest update: May 17

Description

Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain non-ASCII characters in CSS, as demonstrated using variations of "expression" containing (1) full width characters or (2) IPA extensions, which are converted and rendered by Internet Explorer.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (3 packages)

debian: debian/mediawiki < mediawiki 1:1.19.8+dfsg-2.2 (bookworm)
Debian: mediawiki/mediawiki < 1:1.19.8+dfsg-2.2+3
NVD: mediawiki/mediawiki 1.19.8+20

🔴 Vulnerability Details (2)

GHSA: GHSA-gx65-cr9q-7fgc: Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1 (2022-05-17)
OSV: CVE-2013-4568: Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1 (2013-12-13)

📋 Vendor Advisories (1)

Debian: CVE-2013-4568: mediawiki - Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.... (2013)

💬 Community (6)

Bugzilla: CVE-2013-6451 CVE-2013-6452 CVE-2013-6453 CVE-2013-6454 CVE-2013-6472 mediawiki: security releases 1.22.1, 1.21.4 and 1.19.10 (2014-01-14)
Bugzilla: CVE-2013-4568 CVE-2013-4572 CVE-2013-4567 mediawiki119: mediawiki: security releases 1.21.3, 1.20.8, and 1.19.9 [epel-6] (2013-11-15)
Bugzilla: CVE-2013-4568 CVE-2013-4572 CVE-2013-4567 mediawiki: security releases 1.21.3, 1.20.8, and 1.19.9 [epel-5] (2013-11-15)
Bugzilla: CVE-2013-4568 CVE-2013-4572 CVE-2013-4567 mediawiki: security releases 1.21.3, 1.20.8, and 1.19.9 [fedora-all] (2013-11-15)
Bugzilla: CVE-2013-4567 CVE-2013-4568 CVE-2013-4572 mediawiki: security releases 1.21.3, 1.20.8, and 1.19.9 (2013-11-15)