includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2019-12-11T18:30:37
Updated: 2024-08-06T16:38:01.957Z
Reserved: 2013-06-12T00:00:00
Link: CVE-2013-4303
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-12-11T19:15:12.217
Modified: 2024-11-21T01:55:18.920
Link: CVE-2013-4303
Redhat
No data.