Lucene search

GitHub Advisory DatabaseGHSA-H8QX-MJ6V-2934

HistoryMay 24, 2022 - 5:29 p.m.

MediaWiki Cross-site Scripting (XSS) vulnerability

2022-05-2417:29:42

CWE-79

GitHub Advisory Database

github.com

mediawiki

cross-site scripting

vulnerability

html

user input

jquerymsg

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.3

Confidence

Low

EPSS

0.002

Percentile

54.5%

JSON

An issue was discovered in MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3. The non-jqueryMsg version of mw.message().parse() doesn’t escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is loaded, it correctly accepts only whitelisted tags in message contents, and escapes all parameters. Situations with an unloaded jqueryMsg are rare in practice, but can for example occur for Special:SpecialPages on a wiki with no extensions installed.)

Affected configurations

Vulners

Node

mediawikicoreRange1.35.0-rc.0–1.35.0

mediawikicoreRange1.32.0–1.34.3

mediawikicoreRange1.31.0–1.31.9

VendorProductVersionCPE
mediawikicore*cpe:2.3:a:mediawiki:core:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mediawiki	core	*	cpe:2.3:a:mediawiki:core::::::::

References

github.com/advisories/GHSA-h8qx-mj6v-2934

github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25828.yaml

lists.fedoraproject.org/archives/list/[email protected]/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

lists.wikimedia.org/pipermail/mediawiki-announce

lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

nvd.nist.gov/vuln/detail/CVE-2020-25828

phabricator.wikimedia.org/T115888

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.3

Confidence

Low

EPSS

0.002

Percentile

54.5%

JSON

Related for GHSA-H8QX-MJ6V-2934