CVE-2013-4568
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
74.1%
Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain non-ASCII characters in CSS, as demonstrated using variations of “expression” containing (1) full width characters or (2) IPA extensions, which are converted and rendered by Internet Explorer.
Affected configurations
References
lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html
lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html
lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html
secunia.com/advisories/57472
www.debian.org/security/2014/dsa-2891
www.securityfocus.com/bid/63761
bugzilla.wikimedia.org/attachment.cgi?id=13452&action=diff
bugzilla.wikimedia.org/show_bug.cgi?id=55332
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
74.1%