Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values.
[
{
"product": "MediaWiki",
"vendor": "Wikimedia Foundation",
"versions": [
{
"status": "affected",
"version": "1.19.9 before 1.19.10"
},
{
"status": "affected",
"version": "1.2x before 1.21.4"
},
{
"status": "affected",
"version": "1.22.x before 1.22.1"
}
]
}
]