Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
MediaWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2019-19910 - Vulnerability Database
MediaWiki

MediaWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2019-19910

Medium
Reference: CVE-2019-19910
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-19910
Title: MediaWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certain HTML attributes as demonstrated by IMG onmouseover (impact is XSS) and IMG srchttp (impact is disclosing the client39s IP address). This can occur within a talk page topical header that is viewed within a mobile (MobileFrontend) context.