XSS Vulnerability in Wikimedia MediaWiki 1.30.0 through 1.32.1
CVE-2019-12471 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Learn more about our User Device Pen Test.