Lucene search
K

25 matches found

CVE
CVE
added 2020/09/27 8:27 p.m.89 views

CVE-2020-25815

The CVE-2020-25815 issue affects MediaWiki 1.32.x–1.34.x prior to 1.34.4. The root cause is LogEventList::getFiltersDesc constructing HTML multi-select option names by using message text (text()) instead of the correct escaping method (escaped()). This insecure handling can expose UI strings and ...

6.1CVSS6.6AI score0.01104EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2020/09/27 8:27 p.m.26 views

CVE-2020-25815

An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped instead of text...

6.1CVSS6.5AI score0.01104EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2020/09/25 12:0 a.m.6 views

PT-2020-16223 · Wikimedia +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.32.x through 1.34.x before 1.34.4 Description: An issue was discovered where the LogEventList::getFiltersDesc function is insecurely using message text to build options names for an HTML multi-select field. The relevant...

9.8CVSS6AI score0.04098EPSS
Exploits6References63
CNVD
CNVD
added 2019/12/23 12:0 a.m.3 views

SQLite Code Issue Vulnerability (CNVD-2020-22809)

SQLite is the United States D. Richard Hipp software developers of a set of C-based open source embedded relational database management system. The system is characterized by independence, isolation, cross-platform and so on. SQLite 3.30.1 version of the select.c file of multiSelect there is a co...

7.5CVSS8.8AI score0.06997EPSS
Exploits0References1
CNVD
CNVD
added 2019/11/08 12:0 a.m.3 views

Portainer Cross-Site Scripting Vulnerability (CNVD-2019-40484)

Portainer is an open source lightweight management UI that allows you to easily manage docker hosts or clusters. A stored cross-site scripting vulnerability exists in the isteven-multi-select component in Portainer versions prior to 1.22.1. An attacker can exploit this vulnerability to inject...

5.4CVSS6.2AI score0.00521EPSS
Exploits0References1
Rows per page
Query Builder