Security Advisory

CVE-2019-19910

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-12-19 18:41:25

Last updated 2024-08-05 02:32:09

Assigner mitre

State PUBLISHED

Description

The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certain HTML attributes, as demonstrated by IMG onmouseover= (impact is XSS) and IMG src=http (impact is disclosing the clients IP address). This can occur within a talk page topical header that is viewed within a mobile (MobileFrontend) context.

← Browse all CVEs View on cve.org ↗