CVE-2019-19708
The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute.
Date published : 2019-12-10
https://gerrit.wikimedia.org/r/q/I1f99458fd2c4f6b2460dfe7a93b330ddee4400b6