25 matches found
CVE-2020-25815
The CVE-2020-25815 issue affects MediaWiki 1.32.x–1.34.x prior to 1.34.4. The root cause is LogEventList::getFiltersDesc constructing HTML multi-select option names by using message text (text()) instead of the correct escaping method (escaped()). This insecure handling can expose UI strings and ...
CVE-2020-25815
An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped instead of text...
PT-2020-16223 · Wikimedia +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.32.x through 1.34.x before 1.34.4 Description: An issue was discovered where the LogEventList::getFiltersDesc function is insecurely using message text to build options names for an HTML multi-select field. The relevant...
SQLite Code Issue Vulnerability (CNVD-2020-22809)
SQLite is the United States D. Richard Hipp software developers of a set of C-based open source embedded relational database management system. The system is characterized by independence, isolation, cross-platform and so on. SQLite 3.30.1 version of the select.c file of multiSelect there is a co...
Portainer Cross-Site Scripting Vulnerability (CNVD-2019-40484)
Portainer is an open source lightweight management UI that allows you to easily manage docker hosts or clusters. A stored cross-site scripting vulnerability exists in the isteven-multi-select component in Portainer versions prior to 1.22.1. An attacker can exploit this vulnerability to inject...