Nixpkgs security tracker

Untriaged

Permalink CVE-2013-1951

created 2 months ago Activity log

Created suggestion 2 months ago

A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and …

A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names.

References

https://security-tracker.debian.org/tracker/CVE-2013-1951 x_transferredx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1951 x_transferredx_refsource_MISC
http://security.gentoo.org/glsa/glsa-201310-21.xml x_transferredx_refsource_MISC
https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-1951 x_transferredx_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104022.html x_transferredx_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104027.html x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/04/16/12 x_transferredx_refsource_MISC
http://www.securityfocus.com/bid/59077 x_transferredx_refsource_MISC
https://phabricator.wikimedia.org/T48084 x_transferredx_refsource_CONFIRM

Affected products

MediaWiki

==before 1.19.5 and 1.20.x before 1.20.4

Matching in nixpkgs

pkgs.mediawiki

Collaborative editing software that runs Wikipedia

nixos-unstable 1.45.1
- nixpkgs-unstable 1.45.1
- nixos-unstable-small 1.45.1
nixos-25.11 1.44.3
- nixos-25.11-small 1.44.3
- nixpkgs-25.11-darwin 1.44.3

Package maintainers

@astro Astro <astro@spaceboyz.net>
@gshipunov Grigory Shipunov <blame@oxapentane.com>
@tanneberger Tassilo Tanneberger <revol-xut@protonmail.com>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.mediawiki

Package maintainers