Description

includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to obtain sensitive information via a "<" (open angle bracket) character in the lang parameter to w/load.php, which reveals the installation path in an error message.

Remediation

References

CVE-2013-4301

Related Vulnerabilities

WordPress Plugin Portrait-Archiv.com Photostore Cross-Site Scripting (3.1)

WordPress 3.8.x Denial of Service Vulnerability (3.8 - 3.8.25)

WordPress Plugin wp-mpdf Cross-Site Request Forgery (3.5.1)

WordPress Plugin Multiple Page Generator-MPG Cross-Site Request Forgery (3.3.9)

WordPress Plugin Disable Comments Cross-Site Scripting (1.3)

Severity

Medium

Classification

CVE-2013-4301 CWE-200

Tags

Missing Update Known Vulnerabilities