CVE-2019-19910

The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certain HTML attributes, as demonstrated by IMG onmouseover= (impact is XSS) and IMG src=http (impact is disclosing the client's IP address). This can occur within a talk page topical header that is viewed within a mobile (MobileFrontend) context.

package    channel         channel version                   pkg version  status
mediawiki  nixos-20.03     2020-04-04 07:30:34 UTC (e89b10)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-04-04 01:50:20 UTC (5bf91d)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-03-28 16:50:34 UTC (b0c285)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-03-28 01:25:31 UTC (85055b)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-03-26 22:10:38 UTC (3a009b)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-03-26 18:30:23 UTC (c6839e)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-03-21 08:05:45 UTC (b2935f)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-03-20 01:00:30 UTC (16dd1d)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-03-16 12:45:35 UTC (99a3d7)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-03-13 21:10:27 UTC (730453)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-03-10 15:20:40 UTC (dbacfa)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-03-10 04:00:23 UTC (da92e0)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-03-09 07:45:46 UTC (62b2bf)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-03-08 17:55:47 UTC (fb34ac)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-03-08 01:55:51 UTC (cbe553)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-03-07 19:50:24 UTC (b780ae)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-03-07 05:50:37 UTC (470731)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-03-06 07:05:18 UTC (1f99fd)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-03-05 13:35:28 UTC (08bcfe)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-03-02 16:00:33 UTC (61cc1f)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-03-02 00:30:27 UTC (ebc962)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-02-29 15:10:31 UTC (4f8bc8)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-02-28 22:00:25 UTC (89536c)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-02-28 09:40:24 UTC (a2bb25)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-02-27 23:50:30 UTC (f82333)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-02-27 05:40:34 UTC (be346a)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-02-27 04:10:22 UTC (8d49eb)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-02-24 16:25:25 UTC (68df00)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-02-23 18:10:20 UTC (04aca9)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-02-23 13:45:26 UTC (153baa)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-02-22 17:35:41 UTC (d31e38)  1.34.0       vulnerable
mediawiki  nixos-20.03     2020-02-20 11:25:36 UTC (71be72)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-02-28 00:35:20 UTC (57f2ea)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-02-26 17:55:29 UTC (55beed)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-02-25 22:00:40 UTC (d363be)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-02-25 01:05:18 UTC (398929)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-02-22 13:35:28 UTC (ea79a8)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-02-22 08:50:39 UTC (1ddb14)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-02-20 13:50:20 UTC (e2b4ab)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-02-09 19:20:46 UTC (8130f3)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-31 22:35:47 UTC (a21c2f)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-31 03:40:27 UTC (8539d5)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-27 15:15:42 UTC (e59dcf)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-26 13:55:23 UTC (73a59a)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-26 02:00:18 UTC (8a9807)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-24 12:40:44 UTC (05626c)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-23 12:40:25 UTC (d1ba7d)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-22 11:20:35 UTC (90441b)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-22 02:25:38 UTC (f37db1)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-21 07:35:39 UTC (a65f33)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-20 03:15:32 UTC (bea1a2)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-18 10:35:34 UTC (c438ce)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-17 08:15:31 UTC (2628f2)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-16 20:30:28 UTC (d5e9b7)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-15 07:35:45 UTC (7184df)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-12 17:10:37 UTC (100012)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-12 04:35:18 UTC (aa561c)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-11 08:25:20 UTC (e41347)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-09 02:55:25 UTC (e1eedf)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-07 08:20:27 UTC (9beb0d)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-05 23:45:32 UTC (2e8fc9)  1.34.0       vulnerable
mediawiki  nixos-unstable  2020-01-04 10:30:42 UTC (e0470e)  1.34.0       vulnerable
mediawiki  nixos-unstable  2019-12-27 17:25:29 UTC (b0bbac)  1.34.0       vulnerable