CVE-2013-4305 Information

Description

Cross-site scripting (XSS) vulnerability in contrib/example.php in the SyntaxHighlight GeSHi extension for MediaWiki possibly as downloaded before September 2013 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Reference

http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html http://osvdb.org/96909 http://seclists.org/oss-sec/2013/q3/553 https://bugzilla.wikimedia.org/show_bug.cgi?id=49070 https://exchange.xforce.ibmcloud.com/vulnerabilities/86890