CVE-2013-6453
MediaWiki < 1.19.10, 1.2x < 1.21.4, 1.22.x < 1.22.1 - XML External Entity Injection in SVG File Sanitization
MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML.
References (1)
Core References
Patch, Vendor Advisory (mailing-list, x_refsource_mlist): http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html
Scores
EPSS: 0.0062
EPSS Percentile: 70.4%
Details
CWE: CWE-20
Status: published
Products (16)
mediawiki/mediawiki 1.22.0
mediawiki/mediawiki 1.21
mediawiki/mediawiki 1.21.1
mediawiki/mediawiki 1.21.2
mediawiki/mediawiki 1.21.3
mediawiki/mediawiki 1.19 (3 CPE variants)
mediawiki/mediawiki 1.19.0
mediawiki/mediawiki 1.19.1
mediawiki/mediawiki 1.19.2
mediawiki/mediawiki 1.19.3
... and 6 more
Published: May 12, 2014
Tracked Since: Feb 18, 2026