Description

MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML.

Remediation

References

CVE-2013-6453

Related Vulnerabilities

Drupal Core 8.8.x Arbitrary File Overwrite (8.8.0 - 8.8.12)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-9712)

WordPress Plugin Coming Soon Page, Under Construction & Maintenance Mode by SeedProd Cross-Site Scripting (5.1.0)

WordPress Plugin WooCommerce-Store Toolkit Privilege Escalation (1.5.6)

WordPress Plugin WPBook Cross-Site Request Forgery (2.7)

Severity

High

Classification

CVE-2013-6453 CWE-20

Tags

Missing Update Known Vulnerabilities