Main Vulnerability Database Vulnerabilities #VU41691

Input validation error in MediaWiki - CVE-2013-6453

Published: May 12, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41691

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2013-6453

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: MediaWiki.org

Affected software:
MediaWiki

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML.

How to mitigate CVE-2013-6453

Install update from vendor's website.

Sources

http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html

Input validation error in MediaWiki - CVE-2013-6453

Detailed vulnerability description

How to mitigate CVE-2013-6453

Sources

Please verify you're human