CVE-2013-6454

Mediawiki < 1.19.9 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link attribute.

References (1)

[Patch, Vendor Advisory] http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html

Scores

EPSS 0.0032

EPSS Percentile 54.6%

Details

CWE

CWE-79

Status published

Products (19)

mediawiki/mediawiki

mediawiki/mediawiki < 1.19.9

mediawiki/mediawiki

... and 9 more

Published May 12, 2014

Tracked Since Feb 18, 2026