Vulnerability Details CVE-2013-4308
Cross-site scripting (XSS) vulnerability in pages/TalkpageHistoryView.php in the LiquidThreads (LQT) extension 2.x and possibly 3.x for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to inject arbitrary web script or HTML via a thread subject.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.2%
CVSS Severity
CVSS v2 Score 4.3
References
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html
- http://osvdb.org/96906
- http://seclists.org/oss-sec/2013/q3/553
- http://www.securityfocus.com/bid/62218
- https://bugzilla.wikimedia.org/show_bug.cgi?id=53320
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86891
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html
- http://osvdb.org/96906
- http://seclists.org/oss-sec/2013/q3/553
- http://www.securityfocus.com/bid/62218
- https://bugzilla.wikimedia.org/show_bug.cgi?id=53320
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86891
Products affected by CVE-2013-4308
-
cpe:2.3:a:liquidthreads_project:liquidthreads:2.0
-
cpe:2.3:a:liquidthreads_project:liquidthreads:2.1
-
cpe:2.3:a:mediawiki:mediawiki:1.19
-
cpe:2.3:a:mediawiki:mediawiki:1.19.0
-
cpe:2.3:a:mediawiki:mediawiki:1.19.1
-
cpe:2.3:a:mediawiki:mediawiki:1.19.2
-
cpe:2.3:a:mediawiki:mediawiki:1.19.3
-
cpe:2.3:a:mediawiki:mediawiki:1.19.4
-
cpe:2.3:a:mediawiki:mediawiki:1.19.5
-
cpe:2.3:a:mediawiki:mediawiki:1.19.6
-
cpe:2.3:a:mediawiki:mediawiki:1.19.7
-
cpe:2.3:a:mediawiki:mediawiki:1.20
-
cpe:2.3:a:mediawiki:mediawiki:1.20.1
-
cpe:2.3:a:mediawiki:mediawiki:1.20.2
-
cpe:2.3:a:mediawiki:mediawiki:1.20.3
-
cpe:2.3:a:mediawiki:mediawiki:1.20.4
-
cpe:2.3:a:mediawiki:mediawiki:1.20.5
-
cpe:2.3:a:mediawiki:mediawiki:1.20.6
-
cpe:2.3:a:mediawiki:mediawiki:1.21
-
cpe:2.3:a:mediawiki:mediawiki:1.21.1