XSS in Gentoo Linux
CVE-2013-2031
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly in…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.016 (82.1th percentile) — read the EPSS interpretation.
Affected products
- Gentoo Linux
- Mediawiki — versions 1.1.0, 1.10.0, 1.10.1
- N/a — versions n/a
Weakness classification (CWE)
References
- FEDORA-2013-7714 (x_refsource_FEDORA, vendor-advisory)
- 57472 (x_refsource_SECUNIA, third-party-advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- 55433 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- DSA-2891 (vendor-advisory, x_refsource_DEBIAN)
- FEDORA-2013-7654 (x_refsource_FEDORA, vendor-advisory)
- FEDORA-2013-7701 (x_refsource_FEDORA, vendor-advisory)
- 59594 (vdb-entry, x_refsource_BID)
- GLSA-201310-21 (vendor-advisory, x_refsource_GENTOO)
- [MediaWiki-announce] 20130430 MediaWiki Security Release: 1.20.5 and 1.19.6 (mailing-list, x_refsource_MLIST, Patch)