Description

Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to inject arbitrary web script or HTML via the "to" parameter to index.php.

Remediation

References

CVE-2013-4573

Related Vulnerabilities

WordPress Plugin PublishPress Capabilities-User Role Access, Editor Permissions, Admin Menus Security Bypass (2.3)

Envoy Proxy Use After Free Vulnerability (CVE-2021-43825)

WordPress Plugin WP Ultimate Exporter Cross-Site Scripting (1.0)

e107 Other Vulnerability (CVE-2006-4757)

MySQL CVE-2021-2060 Vulnerability (CVE-2021-2060)

Severity

Medium

Classification

CVE-2013-4573 CWE-707

Tags

Missing Update Known Vulnerabilities