CVE-2013-4573

MediaWiki <1.19.9, 1.20.8, 1.21.3 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to inject arbitrary web script or HTML via the "to" parameter to index.php.

References (3)

[Patch] http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html

[Vendor Advisory] http://secunia.com/advisories/55754

[Patch] https://bugzilla.wikimedia.org/show_bug.cgi?id=55991

Scores

EPSS 0.0036

EPSS Percentile 57.8%

Details

CWE

CWE-79

Status published

Products (21)

mediawiki/mediawiki

... and 11 more

Published Nov 25, 2013

Tracked Since Feb 18, 2026