Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-07-10T15:49:21
Updated: 2024-08-04T23:24:37.083Z
Reserved: 2019-05-30T00:00:00
Link: CVE-2019-12471
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-07-10T16:15:11.150
Modified: 2019-07-16T13:29:43.307
Link: CVE-2019-12471
Redhat
No data.