Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Debian |
|
| Mediawiki |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
No data.
No data.
Advisories
| Source | ID | Title |
|---|---|---|
 Debian DSA |
DSA-4460-1 | mediawiki security update |
 EUVD |
EUVD-2022-2043 | Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
 Github GHSA |
GHSA-2rm7-xxx8-35jh | MediaWiki Cross-site Scripting (XSS) |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-04T23:24:37.083Z
Reserved: 2019-05-30T00:00:00
Link: CVE-2019-12471
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-07-10T16:15:11.150
Modified: 2024-11-21T04:22:55.477
Link: CVE-2019-12471
Redhat
No data.
OpenCVE Enrichment
No data.