8 matches found
MediaWiki < 1.19.9 / 1.20.8 / 1.21.3 Multiple Vulnerabilities
According to its version number, the instance of MediaWiki running on the remote host is affected by the following vulnerabilities : - Input validation errors exist that allow cross-site scripting attacks. CVE-2013-4567, CVE-2013-4568 - An error exists related to session IDs and HTTP headers that...
Fedora 20 : mediawiki-1.21.3-1.fc20 (2013-22047)
Kevin Israel Wikipedia user PleaseStand identified and reported two vectors for injecting JavaScript in CSS that bypassed MediaWiki's blacklist CVE-2013-4567, CVE-2013-4568. - Internal review while debugging a site issue discovered that MediaWiki and the CentralNotice extension were incorrectly...
Fedora 18 : mediawiki-1.19.9-1.fc18 (2013-21874)
Kevin Israel Wikipedia user PleaseStand identified and reported two vectors for injecting JavaScript in CSS that bypassed MediaWiki's blacklist CVE-2013-4567, CVE-2013-4568. - Internal review while debugging a site issue discovered that MediaWiki and the CentralNotice extension were incorrectly...
CVE-2013-4573
Cross-site scripting XSS vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to inject arbitrary web script or HTML via the "to" parameter to index.php...
CVE-2013-4573
Cross-site scripting XSS vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to inject arbitrary web script or HTML via the "to" parameter to index.php...
Cross site scripting
Cross-site scripting XSS vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to inject arbitrary web script or HTML via the "to" parameter to index.php...
CVE-2013-4573
Cross-site scripting XSS vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to inject arbitrary web script or HTML via the "to" parameter to index.php...
CVE-2013-4573
CVE-2013-4573: XSS in the ZeroRatedMobileAccess extension for MediaWiki through index.php?to. Affected: MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, 1.21.x before 1.21.3. Root cause: input validation flaw in ZeroRatedMobileAccess enabling remote script/HTML injection. Impact: potential r...