CVE-2013-6453

Description

MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML.

How to fix CVE-2013-6453

To remediate CVE-2013-6453, upgrade the affected package to a fixed version below.

• Debian/mediawiki—upgrade to 1:1.19.10+dfsg-1 or later

Is CVE-2013-6453 being exploited?

Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1:1.19.10+dfsg-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2013-6453