Description

Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to videos.

Remediation

References

CVE-2013-4574

Related Vulnerabilities

WordPress Plugin Portfolio-WordPress Portfolio Cross-Site Request Forgery (2.8.8)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-9912)

WordPress Plugin ProfileGrid-User Profiles, Memberships, Groups and Communities Cross-Site Scripting (4.7.4)

WordPress Plugin WordPress Video Player Multiple Vulnerabilities (1.5.4)

e107 Other Vulnerability (CVE-2005-4224)

Severity

Medium

Classification

CVE-2013-4574 CWE-707

Tags

Missing Update Known Vulnerabilities