Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
MediaWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2013-4303 - Vulnerability Database
MediaWiki

MediaWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2013-4303

Medium
Reference: CVE-2013-4303
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2013-4303
Title: MediaWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8 1.20.x before 1.20.7 and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of quot.quot (period) characters in a string which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php.