Description

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link attribute.

Remediation

References

CVE-2013-6454

Related Vulnerabilities

WordPress Plugin Social Share Icons & Social Share Buttons Security Bypass (3.0.2)

WordPress Plugin RapidLoad Power-Up for Autoptimize Multiple Vulnerabilities (1.7.1)

WordPress Plugin Thrive Quiz Builder Security Bypass (2.3.9.3)

WordPress Plugin Joy Of Text Lite-SMS messaging for WordPress SQL Injection (2.3.0)

WordPress Plugin WordPress Photo Gallery by Gallery Bank Multiple Cross-Site Scripting Vulnerabilities (2.0.19)

Severity

Medium

Classification

CVE-2013-6454 CWE-707

Tags

Missing Update Known Vulnerabilities