VDB

GCVE-110-MAGEIA-2013-276

GCVE-110-MAGEIA-2013-276
Advisory Published
Vulnetix · Advisory published September 13, 2013
Full path disclosure in MediaWiki before 1.20.7, when an invalid language is specified in ResourceLoader (CVE-2013-4301). Several API modules in MediaWiki before 1.20.7 allowed anti-CSRF tokens to be accessed via JSONP (CVE-2013-4302). An issue with the MediaWiki API in MediaWiki before 1.20.7 where an invalid property name could be used for XSS with older versions of Internet Explorer (CVE-2013-4303).

Affected Products

VendorProductVersionsPlatforms
Mageiamediawiki1.20.7-1.mga2 (unaffected), 0 (affected)
Mageiamediawiki0 (affected), 1.20.7-1.mga3 (unaffected)

Browse GCVE Records

73,685 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›