Description

Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to inject arbitrary web script or HTML via the "to" parameter to index.php.

Remediation

References

CVE-2013-4573

Related Vulnerabilities

Django Improper Validation of Specified Quantity in Input Vulnerability (CVE-2023-43665)

WordPress Plugin Advanced Order Export For WooCommerce CSV Injection (1.5.4)

PrestaShop Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-19595)

WordPress Plugin WP Advanced Importer Cross-Site Scripting (2.1.1)

MySQL Other Vulnerability (CVE-2009-4019)

Severity

Medium

Classification

CVE-2013-4573 CWE-707

Tags

Missing Update Known Vulnerabilities