CVE Vulnerabilities

CVE-2013-4567

Published: Dec 13, 2013 | Modified: Apr 11, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM
root.io minimus.io echohq.com

Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a b (backspace) character in CSS.

Affected Software

Name Vendor Start Version End Version
Mediawiki Mediawiki * 1.19.8 (including)
Mediawiki Mediawiki 1.19 (including) 1.19 (including)
Mediawiki Mediawiki 1.19-beta_1 (including) 1.19-beta_1 (including)
Mediawiki Mediawiki 1.19-beta_2 (including) 1.19-beta_2 (including)
Mediawiki Mediawiki 1.19.0 (including) 1.19.0 (including)
Mediawiki Mediawiki 1.19.1 (including) 1.19.1 (including)
Mediawiki Mediawiki 1.19.2 (including) 1.19.2 (including)
Mediawiki Mediawiki 1.19.3 (including) 1.19.3 (including)
Mediawiki Mediawiki 1.19.4 (including) 1.19.4 (including)
Mediawiki Mediawiki 1.19.5 (including) 1.19.5 (including)
Mediawiki Mediawiki 1.19.6 (including) 1.19.6 (including)
Mediawiki Mediawiki 1.19.7 (including) 1.19.7 (including)
Mediawiki Ubuntu lucid *
Mediawiki Ubuntu precise *
Mediawiki Ubuntu quantal *
Mediawiki Ubuntu raring *
Mediawiki Ubuntu saucy *
Mediawiki Ubuntu upstream *

References