Unrated severityNVD Advisory· Published Dec 19, 2019· Updated Aug 5, 2024
CVE-2019-19910
CVE-2019-19910
Description
The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certain HTML attributes, as demonstrated by IMG onmouseover= (impact is XSS) and IMG src=http (impact is disclosing the client's IP address). This can occur within a talk page topical header that is viewed within a mobile (MobileFrontend) context.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- MediaWiki/MinervaNeue Skindescription
- Range: 1.34, 1.35
Patches
Vulnerability mechanics
References
2- gerrit.wikimedia.org/r/q/Ida471291f1698387a26736931ab17e6899e05b51mitrex_refsource_MISC
- phabricator.wikimedia.org/T240487mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.