CVE-2013-6452
MediaWiki < 1.19.10, 1.2x < 1.21.4, 1.22.x < 1.22.1 - Cross-Site Scripting via SVG XSL Injection
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG file.
References (1)
Core 1
Core References
Patch, Vendor Advisory mailing-list
x_refsource_mlist
http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html
Scores
EPSS
0.0032
EPSS Percentile
54.9%
Details
CWE
CWE-79
Status
published
Products (16)
mediawiki/mediawiki
1.22.0
mediawiki/mediawiki
1.21
mediawiki/mediawiki
1.21.1
mediawiki/mediawiki
1.21.2
mediawiki/mediawiki
1.21.3
mediawiki/mediawiki
1.19 (3 CPE variants)
mediawiki/mediawiki
1.19.0
mediawiki/mediawiki
1.19.1
mediawiki/mediawiki
1.19.2
mediawiki/mediawiki
1.19.3
... and 6 more
Published
May 12, 2014
Tracked Since
Feb 18, 2026