7 matches found
EUVD-2022-4110
Malicious code in bioql PyPI...
MediaWiki Cross-site Scripting (XSS) vulnerability
In MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3, XSS related to jQuery can occur. The attacker creates a message with javascript:payload xss and turns it into a jQuery object with mw.message.parse. The expected result is that the jQuery object does not contain an tag or it does...
Cross-Site Scripting (XSS)
MediaWiki is vulnerable to cross-site scripting. An attacker is able to inject and execute arbitrary Javascript in a user's browser by creating a message with javascript:payload xss as a jQuery object with mw.message.parse...
CVE-2020-25814
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with javascript:payload xss and turns it into a jQuery object with mw.message.parse. The expected result is that the jQuery object does not contain an tag or it doe...
CVE-2020-25828
An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message.parse doesn't escape HTML. This affects both message contents which are generally safe and the parameters which can be based on user input. When jqueryMsg is loaded...
CVE-2020-25814
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with javascript:payload xss and turns it into a jQuery object with mw.message.parse. The expected result is that the jQuery object does not contain an tag or it doe...
CVE-2020-25828
An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message.parse doesn't escape HTML. This affects both message contents which are generally safe and the parameters which can be based on user input. When jqueryMsg is loaded...