CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-19910

The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certain HTML attributes, as demonstrated by IMG onmouseover= (impact is XSS) and IMG src=http (impact is disclosing the client's IP address). This can occur within a talk page topical header that is viewed within a mobile (MobileFrontend) context.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.1%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://gerrit.wikimedia.org/r/q/Ida471291f1698387a26736931ab17e6899e05b51
https://phabricator.wikimedia.org/T240487
https://gerrit.wikimedia.org/r/q/Ida471291f1698387a26736931ab17e6899e05b51
https://phabricator.wikimedia.org/T240487

Products affected by CVE-2019-19910

Mediawiki » Mediawiki » Version: 1.34

cpe:2.3:a:mediawiki:mediawiki:1.34
Mediawiki » Mediawiki » Version: 1.35

cpe:2.3:a:mediawiki:mediawiki:1.35

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-19910

Products

Pricing

Contact Us