CVE-2013-4574

Name of the Vulnerable Software and Affected Versions MediaWiki versions prior to 1.19.10 MediaWiki versions 1.20.x MediaWiki versions 1.21.x prior to 1.21.4 MediaWiki versions 1.22.x prior to 1.22.1

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via vectors related to videos in the TimeMediaHandler extension.

Recommendations For MediaWiki versions prior to 1.19.10, update to version 1.19.10 or later. For MediaWiki versions 1.20.x, update to a version outside of the 1.20.x range, such as 1.19.10 or 1.21.4 or later. For MediaWiki versions 1.21.x prior to 1.21.4, update to version 1.21.4 or later. For MediaWiki versions 1.22.x prior to 1.22.1, update to version 1.22.1 or later.