CVE-2013-6455

MEDIUM

MediaWiki CentralAuth < 1.19.10, 1.2x < 1.21.4, 1.22.x < 1.22.1 - Unauthenticated Username Exposure via DOM Injection

Title source: llm
STIX 2.1

Description

The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page.

References (1)

Core 1

Scores

CVSS v3 5.3
EPSS 0.0112
EPSS Percentile 62.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
mediawiki/mediawiki < 1.19.10
Published Jan 28, 2020
Tracked Since Feb 18, 2026