27 matches found
EUVD-2019-5936
Malware in sbrugna...
EUVD-2019-6193
Malware in sbrugna...
EUVD-2019-9502
Malware in sbrugna...
CVE-2019-15124
In the MobileFrontend extension for MediaWiki, XSS exists within the edit summary field of the watchlist feed. This affects REL131, REL132, and REL133...
CVE-2019-14807
In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS exists within the edit summary field in includes/specials/MobileSpecialPageFeed.php...
BIT-MEDIAWIKI-2020-26120
XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery's parseHTML method, which can cause image callbacks to fire even...
CVE-2020-26120
XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery's parseHTML method, which can cause image callbacks to fire even...
CVE-2020-26120
XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery's parseHTML method, which can cause image callbacks to fire even...
Cross site scripting
XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery's parseHTML method, which can cause image callbacks to fire even...
CVE-2020-26120
The CVE-2020-26120 entry is supported by connected documentation: MediaWiki MobileFrontend prior to 1.34.4 is affected by an XSS due to mishandling of section.line during regex replacement in PageGateway. An attacker can craft HTML that triggers XSS via jQuery.parseHTML, causing image callbacks t...
PT-2020-16299 · Jquery +2 · Jquery +2
Name of the Vulnerable Software and Affected Versions: MediaWiki MobileFrontend extension versions prior to 1.34.4 Description: The issue exists due to the mishandling of section.line during regex section line replacement from PageGateway. An attacker can exploit this by using crafted HTML to...
MediaWiki Cross-Site Scripting Vulnerability
MediaWiki is the American MediaWiki Wikimedia Foundation's set of free and free web-based Wiki engine. The product can be used to deploy in-house knowledge management and content management systems. mobileFrontend extension is used in one of the mobile front-end extension. A cross-site scripting...
CVE-2019-15124
In the MobileFrontend extension for MediaWiki, XSS exists within the edit summary field of the watchlist feed. This affects REL131, REL132, and REL133...
CVE-2019-15124
In the MobileFrontend extension for MediaWiki, XSS exists within the edit summary field of the watchlist feed. This affects REL131, REL132, and REL133...
Design/Logic Flaw
In the MobileFrontend extension for MediaWiki, XSS exists within the edit summary field of the watchlist feed. This affects REL131, REL132, and REL133...
CVE-2019-15124
The CVE-2019-15124 entry refers to a stored/reflected cross-site scripting (XSS) vulnerability in the MobileFrontend extension for MediaWiki, specifically in the edit summary field of the watchlist feed. Affected branches are REL1_31, REL1_32, and REL1_33. The vulnerability arises from XSS in the...
CVE-2019-15124
In the MobileFrontend extension for MediaWiki, XSS exists within the edit summary field of the watchlist feed. This affects REL131, REL132, and REL133...
CVE-2019-19910
The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 1.35 and/or 1.34 mishandles certain HTML attributes, as demonstrated by IMG onmouseover= impact is XSS and IMG src=http impact is disclosing the client's IP address. This can occur within a talk page topical header that is viewed...
CVE-2019-19910
The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 1.35 and/or 1.34 mishandles certain HTML attributes, as demonstrated by IMG onmouseover= impact is XSS and IMG src=http impact is disclosing the client's IP address. This can occur within a talk page topical header that is viewed...
Code injection
The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 1.35 and/or 1.34 mishandles certain HTML attributes, as demonstrated by IMG onmouseover= impact is XSS and IMG src=http impact is disclosing the client's IP address. This can occur within a talk page topical header that is viewed...