Description

The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page.

Remediation

References

CVE-2013-6455

Related Vulnerabilities

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-0276)

WordPress Plugin GiveWP-Donation and Fundraising Platform Cross-Site Scripting (2.11.3)

Squid Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2020-8450)

Oracle JRE CVE-2013-2452 Vulnerability (CVE-2013-2452)

Microsoft SQL Server CVE-2023-21704 Vulnerability (CVE-2023-21704)

Severity

Medium

Classification

CVE-2013-6455 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities