28 matches found
Code injection
The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 1.35 and/or 1.34 mishandles certain HTML attributes, as demonstrated by IMG onmouseover= impact is XSS and IMG src=http impact is disclosing the client's IP address. This can occur within a talk page topical header that is viewed...
CVE-2019-19910
The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 1.35 and/or 1.34 mishandles certain HTML attributes, as demonstrated by IMG onmouseover= impact is XSS and IMG src=http impact is disclosing the client's IP address. This can occur within a talk page topical header that is viewed...
MediaWiki MobileFrontend extension cross-site scripting vulnerability
MediaWiki is the American MediaWiki Wikimedia Foundation's set of free and free web-based Wiki engine. The product can be used to deploy in-house knowledge management and content management systems. mobileFrontend extension is used in one of the mobile front-end extension. A cross-site scripting...
CVE-2019-14807
In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS exists within the edit summary field in includes/specials/MobileSpecialPageFeed.php...
CVE-2019-14807
In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS exists within the edit summary field in includes/specials/MobileSpecialPageFeed.php...
Design/Logic Flaw
In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS exists within the edit summary field in includes/specials/MobileSpecialPageFeed.php...
CVE-2019-14807
In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS exists within the edit summary field in includes/specials/MobileSpecialPageFeed.php...
CVE-2019-14807
CVE-2019-14807 concerns the MediaWiki MobileFrontend extension (versions 1.31–1.33). The vulnerability is a cross-site scripting flaw in the edit summary field of includes/specials/MobileSpecialPageFeed.php, caused by a lack of proper validation of client-side data. Documents indicate the issue, ...