CVE-2019-19708

CVE-2019-19708

EPSS 0.7%

The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://gerrit.wikimedia.org/r/q/I1f99458fd2c4f6b2460dfe7a93b330ddee4400b6 https://phabricator.wikimedia.org/T239209