Unrated severityNVD Advisory· Published Oct 27, 2013· Updated Jun 16, 2026
CVE-2013-4302
CVE-2013-4302
Description
(1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ApiMain.php, (5) ApiQueryDeletedrevs.php, (6) ApiTokens.php, and (7) ApiUnblock.php in includes/api/ in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow remote attackers to obtain CSRF tokens and bypass the cross-site request forgery (CSRF) protection mechanism via a JSONP request to wiki/api.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
18cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*+ 17 more
- cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*
- (no CPE)range: 1.19.x < 1.19.8, 1.20.x < 1.20.7, 1.21.x < 1.21.2
Patches
Vulnerability mechanics
References
10- lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.htmlnvdPatch
- seclists.org/oss-sec/2013/q3/553nvdPatch
- bugzilla.wikimedia.org/show_bug.cginvdPatch
- secunia.com/advisories/54715nvdVendor Advisory
- osvdb.org/96912nvd
- www.debian.org/security/2013/dsa-2753nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/86896nvd
- www.mediawiki.org/wiki/Release_notes/1.19nvd
- www.mediawiki.org/wiki/Release_notes/1.20nvd
- www.mediawiki.org/wiki/Release_notes/1.21nvd
News mentions
0No linked articles in our index yet.