CVE-2019-19910

Published: Dec 19, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certain HTML attributes, as demonstrated by IMG onmouseover= (impact is XSS) and IMG src=http (impact is disclosing the client's IP address). This can occur within a talk page topical header that is viewed within a mobile (MobileFrontend) context.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://phabricator.wikimedia.org/T240487

x_refsource_MISC

https://gerrit.wikimedia.org/r/q/Ida471291f1698387a26736931ab17e6899e05b51

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-19910

Description

Affected Products

References