QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2013-4568

Back to search

CVE-2013-4568

Published: Dec 13, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain non-ASCII characters in CSS, as demonstrated using variations of "expression" containing (1) full width characters or (2) IPA extensions, which are converted and rendered by Internet Explorer.

VendorProductVersions

n/a

n/a

affected
n/a

References

57472
third-party-advisory
x_refsource_SECUNIA
DSA-2891
vendor-advisory
x_refsource_DEBIAN
FEDORA-2013-21856
vendor-advisory
x_refsource_FEDORA
63761
vdb-entry
x_refsource_BID
FEDORA-2013-21874
vendor-advisory
x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now