CVE-2013-4303

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2013-4303
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2013-4303.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2013-4303
Published
2019-12-11T19:15:12Z
Modified
2024-06-30T12:01:22Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php.

References

Affected packages

Debian:11 / mediawiki

Package

Name
mediawiki
Purl
pkg:deb/debian/mediawiki?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.19.8+dfsg-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / mediawiki

Package

Name
mediawiki
Purl
pkg:deb/debian/mediawiki?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.19.8+dfsg-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / mediawiki

Package

Name
mediawiki
Purl
pkg:deb/debian/mediawiki?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.19.8+dfsg-1

Ecosystem specific

{
    "urgency": "unimportant"
}