CVE-2013-4307

EUVD-2013-4201
Multiple cross-site scripting (XSS) vulnerabilities in repo/includes/EntityView.php in the Wikibase extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow (1) remote attackers to inject arbitrary web script or HTML via a label in the "In other languages" section or (2) remote administrators to inject arbitrary web script or HTML via a description.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
Affected Products (NVD)
VendorProductVersion
mediawikimediawiki
1.19
mediawikimediawiki
1.19:beta_1
mediawikimediawiki
1.19:beta_2
mediawikimediawiki
1.19.0
mediawikimediawiki
1.19.1
mediawikimediawiki
1.19.2
mediawikimediawiki
1.19.3
mediawikimediawiki
1.19.4
mediawikimediawiki
1.19.5
mediawikimediawiki
1.19.6
mediawikimediawiki
1.19.7
mediawikimediawiki
1.20
mediawikimediawiki
1.20.1
mediawikimediawiki
1.20.2
mediawikimediawiki
1.20.3
mediawikimediawiki
1.20.4
mediawikimediawiki
1.20.5
mediawikimediawiki
1.20.6
mediawikimediawiki
1.21
mediawikimediawiki
1.21.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html
http://osvdb.org/96907
http://seclists.org/oss-sec/2013/q3/553
http://www.securityfocus.com/bid/62201
https://bugzilla.wikimedia.org/show_bug.cgi?id=53472
https://exchange.xforce.ibmcloud.com/vulnerabilities/86892
http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html
http://osvdb.org/96907
http://seclists.org/oss-sec/2013/q3/553
http://www.securityfocus.com/bid/62201
https://bugzilla.wikimedia.org/show_bug.cgi?id=53472
https://exchange.xforce.ibmcloud.com/vulnerabilities/86892