CVE-2013-4308

Cross-site scripting (XSS) vulnerability in pages/TalkpageHistoryView.php in the LiquidThreads (LQT) extension 2.x and possibly 3.x for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to inject arbitrary web script or HTML via a thread subject.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
liquidthreads_projectliquidthreads
2.0:alpha
liquidthreads_projectliquidthreads
2.1:alpha
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html
http://osvdb.org/96906
http://seclists.org/oss-sec/2013/q3/553
http://www.securityfocus.com/bid/62218
https://bugzilla.wikimedia.org/show_bug.cgi?id=53320
https://exchange.xforce.ibmcloud.com/vulnerabilities/86891
http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html
http://osvdb.org/96906
http://seclists.org/oss-sec/2013/q3/553
http://www.securityfocus.com/bid/62218
https://bugzilla.wikimedia.org/show_bug.cgi?id=53320
https://exchange.xforce.ibmcloud.com/vulnerabilities/86891