CVE-2019-14807

Name of the Vulnerable Software and Affected Versions MediaWiki MobileFrontend extension versions 1.31 through 1.33

Description The issue is related to a lack of protection measures for the web page structure in the MobileFrontend extension for MediaWiki, specifically within the includes/specials/MobileSpecialPageFeed.php component. This allows for cross-site scripting (XSS) attacks, which can be exploited by a remote attacker to perform malicious actions. The XSS exists within the edit summary field.

Recommendations For MediaWiki MobileFrontend extension versions 1.31 through 1.33, consider disabling the edit summary field in the includes/specials/MobileSpecialPageFeed.php component until a patch is available. Restrict access to this component to minimize the risk of exploitation. Avoid using the edit summary field in the affected version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.