2019-07-10 18:15:11 2019-07-16 15:29:43

Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE