XSS Vulnerability in MediaWiki Affects Multiple Versions
CVE-2013-2031

Currently unrated

Key Information:

Vendor: Gentoo

CVE Published: 18 November 2013

What is CVE-2013-2031?

MediaWiki is susceptible to cross-site scripting (XSS) because it improperly handles UTF-7 encoded sequences in SVG files. Versions of MediaWiki prior to 1.19.6, and 1.20.x before 1.20.5, are affected: an attacker can inject malicious script content that is mistakenly interpreted as UTF-8 in popular web browsers such as Chrome and Firefox. This security flaw highlights the importance of properly validating input to prevent unauthorized script execution and safeguard users' interactions with the platform.
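An upload-side check for the condition described above, as an added example that is not MediaWiki's own code or its actual fix. The function names, the UTF-8-only allowlist and the sample SVGs are assumptions constructed for illustration.

```python
import re

# Assumed policy for this example: only UTF-8 may be declared.
ALLOWED_ENCODINGS = {"utf-8"}
XML_DECL_ENCODING = re.compile(
    rb'<\?xml[^>]*?encoding\s*=\s*["\']([A-Za-z0-9._-]+)["\']', re.I)
# A UTF-7 shifted run: '+', modified-base64 characters, optional closing '-'.
UTF7_RUN = re.compile(rb"\+[A-Za-z0-9+/]{2,}-?")
MARKUP_CHARS = set("<>\"'&")

# Constructed samples, not taken from any real upload.
SAMPLE_UTF7 = (b'<?xml version="1.0" encoding="UTF-7"?>\n'
               b'<svg xmlns="http://www.w3.org/2000/svg">'
               b'<text>+ADw-script+AD4-</text></svg>')
SAMPLE_CLEAN = (b'<?xml version="1.0" encoding="UTF-8"?>\n'
                b'<svg xmlns="http://www.w3.org/2000/svg">'
                b'<text>1+20 = 21</text></svg>')


def utf7_markup_runs(data):
    """Return shifted runs that decode, as UTF-7, to markup characters."""
    hits = []
    for match in UTF7_RUN.finditer(data):
        run = match.group(0)
        try:
            decoded = run.decode("utf-7")
        except UnicodeDecodeError:
            continue  # not valid UTF-7, e.g. an ordinary '+' in text
        if MARKUP_CHARS & set(decoded):
            hits.append(run.decode("ascii"))
    return hits


def check_svg_upload(data):
    """Return reasons to reject an uploaded SVG; an empty list means pass."""
    reasons = []
    decl = XML_DECL_ENCODING.search(data[:1024])
    if decl:
        declared = decl.group(1).decode("ascii")
        if declared.lower() not in ALLOWED_ENCODINGS:
            reasons.append("declared encoding: " + declared)
    reasons += ["UTF-7 sequence decoding to markup: " + run
                for run in utf7_markup_runs(data)]
    return reasons


if __name__ == "__main__":
    for name, sample in (("utf7", SAMPLE_UTF7), ("clean", SAMPLE_CLEAN)):
        print(name, check_svg_upload(sample))
```

The check flags both a non-UTF-8 encoding declaration and any shifted run that decodes to markup, so a file is rejected even when it omits the declaration.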
