Description

Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to videos.

Remediation

References

CVE-2013-4574

Related Vulnerabilities

WordPress Plugin WP Glossary 'ajax.php' SQL Injection (0.1)

Chamilo Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-38745)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-3391)

Serendipity Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1916)

MySQL CVE-2022-21309 Vulnerability (CVE-2022-21309)

Severity

Medium

Classification

CVE-2013-4574 CWE-707

Tags

Missing Update Known Vulnerabilities