CVE-2013-1951

Опубликовано: 31 окт. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names.

Ссылки

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104022.html
Mailing List
Release Notes
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104027.html
Mailing List
Release Notes
Third Party Advisory
http://security.gentoo.org/glsa/glsa-201310-21.xml
Third Party Advisory
http://www.openwall.com/lists/oss-security/2013/04/16/12
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/59077
Third Party Advisory
VDB Entry
https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-1951
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1951
Issue Tracking
Third Party Advisory
https://phabricator.wikimedia.org/T48084
Vendor Advisory
https://security-tracker.debian.org/tracker/CVE-2013-1951
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104022.html
Mailing List
Release Notes
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104027.html
Mailing List
Release Notes
Third Party Advisory
http://security.gentoo.org/glsa/glsa-201310-21.xml
Third Party Advisory
http://www.openwall.com/lists/oss-security/2013/04/16/12
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/59077
Third Party Advisory
VDB Entry
https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-1951
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1951
Issue Tracking
Third Party Advisory
https://phabricator.wikimedia.org/T48084
Vendor Advisory
https://security-tracker.debian.org/tracker/CVE-2013-1951
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*

Версия до 1.19.5 (исключая)

cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*

Версия от 1.20.0 (включая) до 1.20.4 (исключая)

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 83%

0.0198

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2013-1951

CVSS3: 6.1

ubuntu

больше 6 лет назад

A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names.

CVE-2013-1951

CVSS3: 6.1

debian

больше 6 лет назад

A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 ...

GHSA-6f76-xp7g-326v

github

почти 4 года назад

A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names.

EPSS

Процентиль: 83%

0.0198

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79