CVE-2013-2031
EPSS 1.6%mediawiki - security update
發布日:2013/11/18修改日:2026/4/28
也稱為:DEBIAN-CVE-2013-2031
描述
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox.
受影響套件(3)
- Debian/mediawikifrom 0, < 1:1.19.6-1
- Debian/mediawikifrom 0, < 1:1.19.14+dfsg-0+deb7u1
- Debian/mediawiki-extensionsfrom 0, < 3.5~deb7u1