PT-2020-9662 · Mediawiki · Mediawiki Mobilefrontend Extension

Sbassett

·

Published

2020-03-19

·

Updated

2020-03-23

·

CVE-2019-15124

CVSS v3.1

6.1

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions MediaWiki MobileFrontend extension versions REL1 31 through REL1 33
Description The issue exists within the edit summary field of the watchlist feed, allowing for XSS.
Recommendations For versions REL1 31 through REL1 33, update to a version that includes a fix for this issue.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-15124

Affected Products

Mediawiki Mobilefrontend Extension