XSS Vulnerability in Wikimedia MediaWiki 1.30.0 through 1.32.1

XSS Vulnerability in Wikimedia MediaWiki 1.30.0 through 1.32.1

CVE-2019-12471 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

Learn more about our User Device Pen Test.