Description

MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML.

Remediation

References

CVE-2013-6453

Related Vulnerabilities

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16221)

WordPress Plugin Export any WordPress data to XML/CSV SQL Injection (1.3.4)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-42111)

MySQL CVE-2019-2481 Vulnerability (CVE-2019-2481)

WordPress Plugin ZeenShare Cross-Site Scripting (1.0.1)

Severity

High

Classification

CVE-2013-6453 CWE-20

Tags

Missing Update Known Vulnerabilities