CVE-2013-1951

Name of the Vulnerable Software and Affected Versions MediaWiki versions prior to 1.19.5 MediaWiki versions 1.20.x prior to 1.20.4

Description A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via Lua function names.

Recommendations For MediaWiki versions prior to 1.19.5, update to version 1.19.5 or later. For MediaWiki versions 1.20.x prior to 1.20.4, update to version 1.20.4 or later.