Vulnerability Description
In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS exists within the edit summary field in includes/specials/MobileSpecialPageFeed.php.
CVSS Score
6.1
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mediawiki | Mobilefrontend | >= 1.31.0, <= 1.33.0 |
Related Weaknesses (CWE)
References
- https://gerrit.wikimedia.org/g/mediawiki/extensions/MobileFrontend/+/08dfc59771dThird Party Advisory
- https://phabricator.wikimedia.org/T229541PatchThird Party Advisory
- https://gerrit.wikimedia.org/g/mediawiki/extensions/MobileFrontend/+/08dfc59771dThird Party Advisory
- https://phabricator.wikimedia.org/T229541PatchThird Party Advisory
FAQ
What is CVE-2019-14807?
CVE-2019-14807 is a vulnerability with a CVSS score of 6.1 (MEDIUM). In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS exists within the edit summary field in includes/specials/MobileSpecialPageFeed.php.
How severe is CVE-2019-14807?
CVE-2019-14807 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-14807?
Check the references section above for vendor advisories and patch information. Affected products include: Mediawiki Mobilefrontend.