CVE-2013-4568

Published: Dec 13, 2013Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain non-ASCII characters in CSS, as demonstrated using variations of "expression" containing (1) full width characters or (2) IPA extensions, which are converted and rendered by Internet Explorer.

Affected (23)

Products: Mediawiki: Mediawiki

Mediawiki

1 product

Mediawiki

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Mediawiki Mediawiki	Version 1.20.1
Mediawiki Mediawiki	Version 1.20.2
Mediawiki Mediawiki	Version 1.20.3
Mediawiki Mediawiki	Version 1.20.4
Mediawiki Mediawiki	Version 1.20.5
Mediawiki Mediawiki	Version 1.20.6
Mediawiki Mediawiki	Version 1.20.7
Mediawiki Mediawiki	Version 1.20

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Mediawiki Mediawiki	Version 1.21.1
Mediawiki Mediawiki	Version 1.21.2
Mediawiki Mediawiki	Version 1.21

Configuration C

12 vulnerable

Vulnerable Software	Affected Versions
Mediawiki Mediawiki	Up to 1.19.8
Mediawiki Mediawiki	Version 1.19.0
Mediawiki Mediawiki	Version 1.19.1
Mediawiki Mediawiki	Version 1.19.2
Mediawiki Mediawiki	Version 1.19.3
Mediawiki Mediawiki	Version 1.19.4
Mediawiki Mediawiki	Version 1.19.5
Mediawiki Mediawiki	Version 1.19.6
Mediawiki Mediawiki	Version 1.19.7
Mediawiki Mediawiki	Version 1.19
Mediawiki Mediawiki	Version 1.19 beta_1
Mediawiki Mediawiki	Version 1.19 beta_2