Description

Cross-site scripting (XSS) vulnerability in contrib/example.php in the SyntaxHighlight GeSHi extension for MediaWiki, possibly as downloaded before September 2013, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Remediation

References

CVE-2013-4305

Related Vulnerabilities

WordPress Plugin TinyMCE Advanced Cross-Site Request Forgery (4.1)

WordPress Plugin WordPress Automatic Security Bypass (3.53.2)

WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Security Bypass (3.8.1.2)

WordPress Plugin Simple Download Button Shortcode 'file' Parameter Information Disclosure (1.0)

WordPress Plugin Sendit WP Newsletter 'submit.php' Blind SQL Injection (1.5.9)

Severity

Medium

Classification

CVE-2013-4305 CWE-707

Tags

Missing Update Known Vulnerabilities