CVE-2019-19708

Опубликовано: 11 дек. 2019

Источник: redhat

CVSS3: 6.1

Описание

The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute.

The VisualEditor extension of MediaWiki is not included in OpenShift Container Platform.

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat OpenShift Container Platform 3.11	mediawiki	Not affected
Red Hat OpenShift Container Platform 4	mediawiki	Not affected

Показывать по

Статус:

Moderate

Дефект:

CWE-79

https://bugzilla.redhat.com/show_bug.cgi?id=1809045mediawiki: pasted content containing an element with a specific attribute allows for XSS

6.1 Medium

CVSS3

CVE-2019-19708

CVSS3: 6.1

nvd

около 6 лет назад

The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute.

GHSA-8mgg-gfxm-vwwc

github

больше 3 лет назад

The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute.

6.1 Medium

CVSS3