CVE-2013-6452
Published: 12 May 2014
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG file.
Priority
Status
Package | Release | Status |
---|---|---|
mediawiki Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Ignored
(end of life)
|
|
quantal |
Ignored
(end of life)
|
|
saucy |
Ignored
(end of life)
|
|
trusty |
Does not exist
(trusty was not-affected [1:1.19.11+dfsg-1])
|
|
upstream |
Released
(1:1.19.10+dfsg-1)
|
|
utopic |
Not vulnerable
(1:1.19.11+dfsg-1)
|
|
vivid |
Not vulnerable
(1:1.19.11+dfsg-1)
|
|
wily |
Not vulnerable
(1:1.19.11+dfsg-1)
|
|
xenial |
Does not exist
|
|
yakkety |
Not vulnerable
|
|
zesty |
Not vulnerable
|
|
Patches: upstream: https://bugzilla.wikimedia.org/attachment.cgi?id=14260 |