What is the severity of CVE-2019-12471?

CVE-2019-12471 is classified as a medium severity vulnerability due to its potential for cross-site scripting (XSS) attacks.

How do I fix CVE-2019-12471?

To fix CVE-2019-12471, upgrade to MediaWiki versions 1.31.16 or later, 1.35.11 or later, or 1.39.4 or later.

Which versions of MediaWiki are affected by CVE-2019-12471?

CVE-2019-12471 affects MediaWiki versions 1.30.0 through 1.32.1 and some earlier versions.

What impact does CVE-2019-12471 have on MediaWiki applications?

CVE-2019-12471 allows an attacker to execute arbitrary JavaScript in the context of other users, leading to potential data theft or session hijacking.

Is user input validation affected by CVE-2019-12471?

Yes, CVE-2019-12471 highlights a failure in user input validation, specifically when loading JavaScript from unregistered user accounts.

Vulnerability/
CVE-2019-12471

medium

6.1

CWE

21/10/2018

10/7/2019

4/8/2024

CVE-2019-12471: XSS

First published: Sun Oct 21 2018(Updated: )

Loading JS from user space where the username is not a registered account is dangerous and should be banned

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
composer/mediawiki/core	>=1.27.0<1.27.6>=1.30.0<1.30.2>=1.31.0<1.31.2
debian/mediawiki		1:1.31.16-1+deb10u2 1:1.31.16-1+deb10u6 1:1.35.11-1~deb11u1 1:1.35.13-1~deb11u1 1:1.39.4-1~deb12u1 1:1.39.5-1~deb12u1 1:1.39.5-1
composer/mediawiki/core	>=1.31.0<1.31.2	1.31.2
composer/mediawiki/core	>=1.30.0<1.30.2	1.30.2
composer/mediawiki/core	>=1.27.0<1.27.6	1.27.6
Wikimedia MediaWiki	>=1.30.0<1.30.2
Wikimedia MediaWiki	>=1.31.0<1.31.2
Wikimedia MediaWiki	>=1.32.0<1.32.2
Debian GNU/Linux	=9.0

Remedy

https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-12471?
CVE-2019-12471 is classified as a medium severity vulnerability due to its potential for cross-site scripting (XSS) attacks.
How do I fix CVE-2019-12471?
To fix CVE-2019-12471, upgrade to MediaWiki versions 1.31.16 or later, 1.35.11 or later, or 1.39.4 or later.
Which versions of MediaWiki are affected by CVE-2019-12471?
CVE-2019-12471 affects MediaWiki versions 1.30.0 through 1.32.1 and some earlier versions.
What impact does CVE-2019-12471 have on MediaWiki applications?
CVE-2019-12471 allows an attacker to execute arbitrary JavaScript in the context of other users, leading to potential data theft or session hijacking.
Is user input validation affected by CVE-2019-12471?
Yes, CVE-2019-12471 highlights a failure in user input validation, specifically when loading JavaScript from unregistered user accounts.

collector/friends-of-php
collector/security-tracker-debian
agent/type
agent/first-publish-date
agent/weakness
agent/remedy
agent/description
collector/github-advisory-latest
source/GitHub
alias/GHSA-2rm7-xxx8-35jh
alias/CVE-2019-12471
agent/software-canonical-lookup
agent/severity
agent/references
agent/author
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/source
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-index
package-manager/composer
package-manager/debian
vendor/mediawiki
canonical/wikimedia mediawiki
version/wikimedia mediawiki/1.30.0
version/wikimedia mediawiki/1.31.0
version/wikimedia mediawiki/1.32.0
vendor/debian
canonical/debian gnu/linux
version/debian gnu/linux/9.0

Frequently Asked Questions

What is the severity of CVE-2019-12471?
CVE-2019-12471 is classified as a medium severity vulnerability due to its potential for cross-site scripting (XSS) attacks.
How do I fix CVE-2019-12471?
To fix CVE-2019-12471, upgrade to MediaWiki versions 1.31.16 or later, 1.35.11 or later, or 1.39.4 or later.
Which versions of MediaWiki are affected by CVE-2019-12471?
CVE-2019-12471 affects MediaWiki versions 1.30.0 through 1.32.1 and some earlier versions.
What impact does CVE-2019-12471 have on MediaWiki applications?
CVE-2019-12471 allows an attacker to execute arbitrary JavaScript in the context of other users, leading to potential data theft or session hijacking.
Is user input validation affected by CVE-2019-12471?
Yes, CVE-2019-12471 highlights a failure in user input validation, specifically when loading JavaScript from unregistered user accounts.

CVE-2019-12471: XSS

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-12471?

How do I fix CVE-2019-12471?

Which versions of MediaWiki are affected by CVE-2019-12471?

What impact does CVE-2019-12471 have on MediaWiki applications?

Is user input validation affected by CVE-2019-12471?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2019-12471?

How do I fix CVE-2019-12471?

Which versions of MediaWiki are affected by CVE-2019-12471?

What impact does CVE-2019-12471 have on MediaWiki applications?

Is user input validation affected by CVE-2019-12471?