CVE-2013-4568
EPSS 0.50%
Description
Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain non-ASCII characters in CSS, as demonstrated using variations of "expression" containing (1) full width characters or (2) IPA extensions, which are converted and rendered by Internet Explorer.
How to fix CVE-2013-4568
To remediate CVE-2013-4568, upgrade the affected package to a fixed version listed below.
- Debian/mediawiki: upgrade to 1:1.19.8+dfsg-2.2 or later
Is CVE-2013-4568 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1:1.19.8+dfsg-2.2