| Vulnerability Name: | CVE-2013-4573 (CCN-88931) | ||||||||||||
| Assigned: | 2013-11-14 | ||||||||||||
| Published: | 2013-11-14 | ||||||||||||
| Updated: | 2013-11-27 | ||||||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to inject arbitrary web script or HTML via the "to" parameter to index.php. | ||||||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||||||
| Vulnerability Type: | CWE-79 | ||||||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2013-4573 Source: CCN Type: MediaWiki Mailing List, Thu Nov 14 21:59:24 UTC 2013 MediaWiki Security Release: 1.21.3, 1.20.8 and 1.19.9 Source: MLIST Type: Patch [MediaWiki-announce] 20131114 MediaWiki Security Release: 1.21.3, 1.20.8 and 1.19.9 Source: CCN Type: SA55754 MediaWiki ZeroRatedMobileAccess Extension "to" Cross-Site Scripting Vulnerability Source: SECUNIA Type: Vendor Advisory 55754 Source: CCN Type: MediaWiki Web site MediaWiki Source: CCN Type: BID-63755 Mediawiki ZeroRatedMobileAccess Extension CVE-2013-4573 Cross Site Scripting Vulnerability Source: CONFIRM Type: Patch https://bugzilla.wikimedia.org/show_bug.cgi?id=55991 Source: XF Type: UNKNOWN zeroratedmobileaccess-cve20134573-xss(88931) Source: CCN Type: WhiteSource Vulnerability Database CVE-2013-4573 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||