Vulnerability Name:

CVE-2013-1951 (CCN-170850)

Assigned:2013-03-13
Published:2013-03-13
Updated:2020-08-18
Summary:A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names.
CVSS v3 Severity:6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
6.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-79
Vulnerability Consequences:Cross-Site Scripting
References:Source: MITRE
Type: CNA
CVE-2013-1951

Source: MISC
Type: Mailing List, Release Notes, Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104022.html

Source: MISC
Type: Mailing List, Release Notes, Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104027.html

Source: MISC
Type: Third Party Advisory
http://security.gentoo.org/glsa/glsa-201310-21.xml

Source: MISC
Type: Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2013/04/16/12

Source: MISC
Type: Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/59077

Source: MISC
Type: Third Party Advisory
https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-1951

Source: CCN
Type: Red Hat Bugzilla – Bug 953666
(CVE-2013-1951) - CVE-2013-1951 mediawiki: security releases 1.20.4 and 1.19.5

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1951

Source: XF
Type: UNKNOWN
mediawiki-cve20131951-xss(170850)

Source: CCN
Type: Fedora Project Web site
Information for build mediawiki-1.19.5-1.fc18

Source: CONFIRM
Type: Vendor Advisory
https://phabricator.wikimedia.org/T48084

Source: MISC
Type: Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2013-1951

Source: CCN
Type: MediaWiki Web site
MediaWiki

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-1951

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mediawiki:mediawiki:*:*:*:*:*:*:*:* (Version < 1.19.5)
  • OR cpe:/a:mediawiki:mediawiki:*:*:*:*:*:*:*:* (Version >= 1.20.0 and < 1.20.4)
  • AND
  • cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*
  • OR cpe:/a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:com.ubuntu.disco:def:201319510000000
    V
    		CVE-2013-1951 on Ubuntu 19.04 (disco) - low.
    2019-10-31
    oval:com.ubuntu.bionic:def:201319510000000
    V
    		CVE-2013-1951 on Ubuntu 18.04 LTS (bionic) - low.
    2019-10-31
    oval:com.ubuntu.artful:def:20131951000
    V
    		CVE-2013-1951 on Ubuntu 17.10 (artful) - low.
    2013-04-16
    oval:com.ubuntu.trusty:def:20131951000
    V
    		CVE-2013-1951 on Ubuntu 14.04 LTS (trusty) - low.
    2013-04-16
    oval:com.ubuntu.bionic:def:20131951000
    V
    		CVE-2013-1951 on Ubuntu 18.04 LTS (bionic) - low.
    2013-04-16
    oval:com.ubuntu.cosmic:def:201319510000000
    V
    		CVE-2013-1951 on Ubuntu 18.10 (cosmic) - low.
    2013-04-16
    oval:com.ubuntu.cosmic:def:20131951000
    V
    		CVE-2013-1951 on Ubuntu 18.10 (cosmic) - low.
    2013-04-16
    oval:com.ubuntu.precise:def:20131951000
    V
    		CVE-2013-1951 on Ubuntu 12.04 LTS (precise) - low.
    2013-04-16
    BACK
    mediawiki mediawiki *
    mediawiki mediawiki *
    linux linux kernel -
    debian debian linux 9.0
    debian debian linux 10.0
    mediawiki mediawiki 1.19.4
    mediawiki mediawiki 1.20.3