Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain non-ASCII characters in CSS, as demonstrated using variations of "expression" containing (1) full width characters or (2) IPA extensions, which are converted and rendered by Internet Explorer.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-12-13T18:00:00

Updated: 2024-08-06T16:45:14.820Z

Reserved: 2013-06-12T00:00:00

Link: CVE-2013-4568

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2013-12-13T18:07:54.093

Modified: 2024-11-21T01:55:50.900

Link: CVE-2013-4568

cve-icon Redhat

No data.