CVE-2013-2031
Published: Nov 15, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Tag |
|---|---|---|
| FEDORA-2013-7714 | vendor-advisory | x_refsource_FEDORA |
| 57472 | third-party-advisory | x_refsource_SECUNIA |
| https://bugzilla.wikimedia.org/show_bug.cgi?id=47304 | | x_refsource_CONFIRM |
| 55433 | third-party-advisory | x_refsource_SECUNIA |
| DSA-2891 | vendor-advisory | x_refsource_DEBIAN |
| FEDORA-2013-7654 | vendor-advisory | x_refsource_FEDORA |
| FEDORA-2013-7701 | vendor-advisory | x_refsource_FEDORA |
| 59594 | vdb-entry | x_refsource_BID |
| GLSA-201310-21 | vendor-advisory | x_refsource_GENTOO |
| [MediaWiki-announce] 20130430 MediaWiki Security Release: 1.20.5 and 1.19.6 | mailing-list | x_refsource_MLIST |