VDB
GCVE-110-MAGEIA-2014-113
GCVE-110-MAGEIA-2014-113
Advisory Published
MediaWiki user Michael M reported that the fix for CVE-2013-4568 allowed
insertion of escaped CSS values which could pass the CSS validation checks,
resulting in XSS (CVE-2013-6451).
Chris from RationalWiki reported that SVG files could be uploaded that
include external stylesheets, which could lead to XSS when an XSL was used
to include JavaScript (CVE-2013-6452).
During internal review, it was discovered that MediaWiki's SVG sanitization
could be bypassed when the XML was considered invalid (CVE-2013-6453).
During internal review, it was discovered that MediaWiki displayed some
information about deleted pages in the log API, enhanced RecentChanges, and
user watchlists (CVE-2013-6472).
Netanel Rubin from Check Point discovered a remote code execution
vulnerability in MediaWiki's thumbnail generation for DjVu files. Internal
review also discovered similar logic in the PdfHandler extension, which
could be exploited in a similar way (CVE-2014-1610).
MediaWiki has been updated to version 1.22.2, which fixes these issues, as
well as several others.
Also, the mediawiki-ldapauthentication and mediawiki-math extensions have
been updated to newer versions that are compatible with MediaWiki 1.22.
Additionally, the mediawiki-graphviz extension has been obsoleted, due to
the fact that it is unmaintained upstream and is vulnerable to cross-site
scripting attacks.
Note: if you were using the "instances" feature in these packages to
support multiple wiki instances, this feature has now been removed. You
will need to maintain separate wiki instances manually.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | alsa-utils | 0 (affected), 1.0.27.2-2.1.mga4 (unaffected) | — |
| Mageia | mediawiki-math | 0 (affected), 1.1-1.1.mga4 (unaffected), 0 (affected), 1.1-1.1.mga4 (unaffected) | — |
| Mageia | mediawiki-ldapauthentication | 2.0f-1.1.mga3 (unaffected), 0 (affected), 2.0f-1.1.mga3 (unaffected), 0 (affected) | — |
| Mageia | mediawiki | 0 (affected), 1.22.2-1.1.mga4 (unaffected), 0 (affected), 1.22.2-1.1.mga4 (unaffected) | — |
| Mageia | mediawiki | 0 (affected), 1.22.2-1.1.mga3 (unaffected), 0 (affected), 1.22.2-1.1.mga3 (unaffected) | — |
| Mageia | mediawiki-math | 0 (affected), 1.1-1.1.mga3 (unaffected), 1.1-1.1.mga3 (unaffected), 0 (affected) | — |
| Mageia | libwacom | 0 (affected), 0.8-2.1.mga4 (unaffected) | — |
| Mageia | mediawiki-ldapauthentication | 2.0f-1.1.mga4 (unaffected), 0 (affected), 0 (affected), 2.0f-1.1.mga4 (unaffected) | — |
References
Browse GCVE Records
73,738 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.