Vulnerability Database

290,206

Total vulnerabilities in the database

CVE-2013-6455

The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page.

  • Published: Jan 28, 2020
  • Updated: Apr 13, 2023
  • CVE: CVE-2013-6455
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.3
  • AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

Software From Fixed in
mediawiki / mediawiki 1.22.0 1.22.1
mediawiki / mediawiki 1.20.0 1.21.4
mediawiki / mediawiki - 1.19.10