CVE-2019-19910

The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certain HTML attributes, as demonstrated by IMG onmouseover= (impact is XSS) and IMG src=http (impact is disclosing the client's IP address). This can occur within a talk page topical header that is viewed within a mobile (MobileFrontend) context.

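package    channel         channel version                   pkg version  status
mediawiki  nixos-unstable  2020-02-09 19:20:46 UTC (8130f3)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-31 22:35:47 UTC (a21c2f)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-31 03:40:27 UTC (8539d5)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-27 15:15:42 UTC (e59dcf)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-26 13:55:23 UTC (73a59a)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-26 02:00:18 UTC (8a9807)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-24 12:40:44 UTC (05626c)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-23 12:40:25 UTC (d1ba7d)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-22 11:20:35 UTC (90441b)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-22 02:25:38 UTC (f37db1)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-21 07:35:39 UTC (a65f33)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-20 03:15:32 UTC (bea1a2)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-18 10:35:34 UTC (c438ce)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-17 08:15:31 UTC (2628f2)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-16 20:30:28 UTC (d5e9b7)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-15 07:35:45 UTC (7184df)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-12 17:10:37 UTC (100012)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-12 04:35:18 UTC (aa561c)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-11 08:25:20 UTC (e41347)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-09 02:55:25 UTC (e1eedf)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-07 08:20:27 UTC (9beb0d)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-05 23:45:32 UTC (2e8fc9)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-04 10:30:42 UTC (e0470e)  1.34.0       vulnerable
mediawiki  nixos-unstable  2019-12-27 17:25:29 UTC (b0bbac)  1.34.0       vulnerable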