Description

Cross-site scripting (XSS) vulnerability in contrib/example.php in the SyntaxHighlight GeSHi extension for MediaWiki, possibly as downloaded before September 2013, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Remediation

References

CVE-2013-4305

Related Vulnerabilities

MySQL CVE-2016-0646 Vulnerability (CVE-2016-0646)

OpenSSL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-0735)

WordPress Plugin Timesheet by BestWebSoft Cross-Site Scripting (0.1.4)

PHP Integer Overflow or Wraparound Vulnerability (CVE-2015-8394)

Envoy Proxy CVE-2020-25018 Vulnerability (CVE-2020-25018)

Severity

Medium

Classification

CVE-2013-4305 CWE-707

Tags

Missing Update Known Vulnerabilities