2 matches found
CVE-2019-19910
The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 1.35 and/or 1.34 mishandles certain HTML attributes, as demonstrated by IMG onmouseover= impact is XSS and IMG src=http impact is disclosing the client's IP address. This can occur within a talk page topical header that is viewed...
CVE-2022-43689
Concrete CMS formerly concrete5 below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XXE based DNS requests leading to IP disclosure...