CVE-2013-4567

Published: 13 December 2013

Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a \b (backspace) character in CSS.

Priority

Medium

Status

Package: mediawiki (Launchpad, Ubuntu, Debian)

Release                          Status
Upstream                         Released (1.19.9)
Ubuntu 16.04 LTS (Xenial Xerus)  Does not exist
Ubuntu 14.04 ESM (Trusty Tahr)   Does not exist (trusty was not-affected [1:1.19.14+dfsg-1])