Wikimedia · MediaWiki · CVE-2013-2031
**Name of the Vulnerable Software and Affected Versions**
MediaWiki versions prior to 1.19.6
MediaWiki versions 1.20.x prior to 1.20.5
**Description**
The issue allows remote attackers to conduct cross-site scripting (XSS) attacks. This can be demonstrated by a CDATA section containing valid UTF-7 encoded sequences in an SVG file, which is then incorrectly interpreted as UTF-8 by browsers like Chrome and Firefox.
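The encoding ambiguity described above can be closed at upload time by rejecting SVG files whose XML declaration names an encoding outside a short allowlist. The sketch below is an added example, not MediaWiki's own code; the allowlist contents, function names and sample files are assumptions made for illustration. It also shows how the same bytes read differently as UTF-7 and as UTF-8.

```python
import re

# Assumption: encodings this hypothetical upload filter accepts for SVG files.
ALLOWED_ENCODINGS = {"utf-8", "us-ascii", "iso-8859-1"}

# encoding="..." inside the XML declaration at the very start of the file.
_XML_DECL = re.compile(
    rb'^\s*<\?xml\b[^>]*?\bencoding\s*=\s*(["\'])([A-Za-z][A-Za-z0-9._-]*)\1',
    re.IGNORECASE,
)

def declared_encoding(data: bytes):
    """Return the lower-cased encoding named in the XML declaration, or None."""
    if data.startswith(b"\xef\xbb\xbf"):  # skip a UTF-8 byte order mark
        data = data[3:]
    match = _XML_DECL.match(data[:1024])
    return match.group(2).decode("ascii").lower() if match else None

def check_svg_upload(data: bytes):
    """Return (accepted, reason) for an uploaded SVG, judged by encoding only."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return False, "UTF-16 byte order mark"
    encoding = declared_encoding(data)
    if encoding is not None and encoding not in ALLOWED_ENCODINGS:
        return False, f"declared encoding {encoding!r} is not allowed"
    return True, "ok"

def decoded_views(cdata: bytes):
    """Decode the same bytes as UTF-7 and as UTF-8 to show how they diverge."""
    return cdata.decode("utf-7"), cdata.decode("utf-8")

# Constructed samples: harmless markup (<b>) written as UTF-7 shifted sequences.
CDATA_BODY = b"+ADw-b+AD4-"
SVG_UTF7 = (b'<?xml version="1.0" encoding="UTF-7"?>\n'
            b'<svg xmlns="http://www.w3.org/2000/svg"><text><![CDATA['
            + CDATA_BODY + b"]]></text></svg>")
SVG_UTF8 = (b'<?xml version="1.0" encoding="UTF-8"?>\n'
            b'<svg xmlns="http://www.w3.org/2000/svg"><text>hi</text></svg>')

if __name__ == "__main__":
    print(decoded_views(CDATA_BODY))
    for name, blob in (("utf7.svg", SVG_UTF7), ("utf8.svg", SVG_UTF8)):
        print(name, check_svg_upload(blob))
```

A check like this complements, and does not replace, the version updates listed under Recommendations.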
**Recommendations**
For MediaWiki versions prior to 1.19.6, update to version 1.19.6 or later.
For MediaWiki versions 1.20.x prior to 1.20.5, update to version 1.20.5 or later.