Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4307)

Description

Multiple cross-site scripting (XSS) vulnerabilities in repo/includes/EntityView.php in the Wikibase extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow (1) remote attackers to inject arbitrary web script or HTML via a label in the "In other languages" section or (2) remote administrators to inject arbitrary web script or HTML via a description.

Remediation

References

Related Vulnerabilities

WordPress 3.0.4 Multiple Vulnerabilities (0.6.2 - 3.0.4)

Oracle HTTP Server CVE-2023-22019 Vulnerability (CVE-2023-22019)

WordPress Plugin Keyword Meta Cross-Site Request Forgery (3.0)

Jenkins Incorrect Authorization Vulnerability (CVE-2018-1999047)

Envoy Proxy Incomplete Cleanup Vulnerability (CVE-2023-35945)

Severity

Medium

Classification

CVE-2013-4307 CWE-707

Tags

Missing Update Known Vulnerabilities