Description

Multiple cross-site scripting (XSS) vulnerabilities in repo/includes/EntityView.php in the Wikibase extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow (1) remote attackers to inject arbitrary web script or HTML via a label in the "In other languages" section or (2) remote administrators to inject arbitrary web script or HTML via a description.

Remediation

References

CVE-2013-4307

Related Vulnerabilities

WordPress Plugin Bad Behavior Multiple Cross-Site Scripting Vulnerabilities (2.2.4)

Oracle JRE CVE-2012-5073 Vulnerability (CVE-2012-5073)

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.36)

WordPress Plugin User Rights Access Manager Security Bypass (1.0.3)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-4349)

Severity

Medium

Classification

CVE-2013-4307 CWE-707

Tags

Missing Update Known Vulnerabilities