CVE-2013-6451Cross-site Scripting in Mediawiki

CWE-79Cross-site Scripting7 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 46.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
MediawikiDebian MediawikiWikimedia Foundation Mediawiki
Timeline
PublishedJan 28
Latest updateMay 5

Description

Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

debiandebian/mediawiki< mediawiki 1:1.19.10+dfsg-1 (bookworm)
NVDmediawiki/mediawiki1.19.91.19.10+2
Debianmediawiki/mediawiki< 1:1.19.10+dfsg-1+3
CVEListV5wikimedia_foundation/mediawiki1.19.9 before 1.19.10, 1.22.x before 1.22.1, 1.2x before 1.21.4+2

🔴Vulnerability Details

2
GHSA
GHSA-423m-g5gq-97wq: Cross-site scripting (XSS) vulnerability in MediaWiki 12022-05-05
OSV
CVE-2013-6451: Cross-site scripting (XSS) vulnerability in MediaWiki 12020-01-28

📋Vendor Advisories

1
Debian
CVE-2013-6451: mediawiki - Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2...2013

💬Community

3
Bugzilla
New mediawiki security releases have been released2014-01-14
Bugzilla
CVE-2013-6472 CVE-2013-6451 CVE-2013-6452 CVE-2013-6453 mediawiki119: mediawiki: security releases 1.22.1, 1.21.4 and 1.19.10 [epel-6]2014-01-14
Bugzilla
CVE-2013-6451 CVE-2013-6452 CVE-2013-6453 CVE-2013-6454 CVE-2013-6472 mediawiki: security releases 1.22.1, 1.21.4 and 1.19.102014-01-14
CVE-2013-6451 — Cross-site Scripting in Mediawiki | cvebase