cvelist | Redhat | CVELIST:CVE-2013-4303
History: Dec 11, 2019 - 6:30 p.m.

CVE-2013-4303

2019-12-11 18:30:37
redhat
www.cve.org

AI Score: 6 Medium (Confidence: High)

EPSS: 0.005 Low (Percentile: 75.3%)

includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of “.” (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php.

CNA Affected

[
  {
    "product": "MediaWiki",
    "vendor": "Wikimedia Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "1.19.x before 1.19.8"
      },
      {
        "status": "affected",
        "version": "1.20.x before 1.20.7"
      },
      {
        "status": "affected",
        "version": "and 1.21.x before 1.21.2"
      }
    ]
  }
]
