UBUNTU-CVE-2013-4303

Source
https://ubuntu.com/security/CVE-2013-4303
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2013/UBUNTU-CVE-2013-4303.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2013-4303
Related
Published
2019-12-11T19:15:00Z
Modified
2025-01-13T10:21:04Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php.

References

Affected packages

Ubuntu:14.04:LTS / mediawiki

Package

Name
mediawiki
Purl
pkg:deb/ubuntu/mediawiki@1:1.19.8+dfsg-1?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.19.8+dfsg-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1:1.19.8+dfsg-1",
            "binary_name": "mediawiki"
        }
    ]
}