CVE-2013-1951
6.1
MEDIUM
CVSS 3.1
EPSS 2.0%
Description
A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names.
How to fix CVE-2013-1951
To remediate CVE-2013-1951, upgrade the affected package to a fixed version below.
- Debian/mediawiki—upgrade to 1:1.19.5-1 or later
Is CVE-2013-1951 being exploited?
Low — EPSS is 2.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1:1.19.5-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |