{"id":"MGASA-2013-0276","summary":"Updated mediawiki package fixes security vulnerabilities","details":"Full path disclosure in MediaWiki before 1.20.7, when an invalid language\nis specified in ResourceLoader (CVE-2013-4301).\n\nSeveral API modules in MediaWiki before 1.20.7 allowed anti-CSRF tokens\nto be accessed via JSONP (CVE-2013-4302).\n\nAn issue with the MediaWiki API in MediaWiki before 1.20.7 where an\ninvalid property name could be used for XSS with older versions of\nInternet Explorer (CVE-2013-4303).\n","modified":"2026-02-02T13:27:44.028688Z","published":"2013-09-13T20:15:05Z","related":["CVE-2013-4301","CVE-2013-4302","CVE-2013-4303"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2013-0276.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=11157"},{"type":"REPORT","url":"http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"},{"type":"REPORT","url":"https://www.mediawiki.org/wiki/Release_notes/1.20"}],"affected":[{"package":{"name":"mediawiki","ecosystem":"Mageia:2","purl":"pkg:rpm/mageia/mediawiki?arch=source&distro=mageia-2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.20.7-1.mga2"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0276.json"}},{"package":{"name":"mediawiki","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/mediawiki?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.20.7-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0276.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}