Description

Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values.

Remediation

References

CVE-2013-6451

Related Vulnerabilities

Django Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-0696)

WordPress Plugin My Calendar Multiple Cross-Site Scripting Vulnerabilities (1.10.1)

WordPress Plugin Connections Business Directory Cross-Site Scripting (8.5.8)

WordPress Plugin Relocate Upload 'abspath' Parameter Remote File Include (0.14)

WordPress Plugin Weather Effect-Christmas Santa Snow Falling Cross-Site Scripting (1.3.5)

Severity

Medium

Classification

CVE-2013-6451 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities