Lucene search
Veracode Vulnerability DatabaseVERACODE:28384HistoryDec 06, 2020 - 4:19 a.m.
Cross-site Scripting (XSS)
2020-12-0604:19:40
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.001 Low
EPSS
Percentile
41.5%
MediaWiki is vulnerable to cross-site scripting (XSS). Allowing an attacker to modify messages is include raw HTML which NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier.
| CPE | Name | Operator | Version |
|---|---|---|---|
| mediawiki:buster | eq | 1:1.31.7-1~deb10u1 | |
| mediawiki:buster | eq | 1:1.31.7-1~deb10u1 |
References
gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592
lists.fedoraproject.org/archives/list/[email protected]/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/
lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
security-tracker.debian.org/tracker/CVE-2020-25812
Related
github
github
MediaWiki Cross-site Scripting (XSS) vulnerability
2022-05-24 17:29:41
osv
osv
CVE-2020-25812
2020-09-27 21:15:12
BIT-mediawiki-2020-25812
2024-03-06 11:14:03
mediawiki - security update
2020-09-25 00:00:00
cvelist
cvelist
CVE-2020-25812
2020-09-27 20:25:18
prion
prion
Design/Logic Flaw
2020-09-27 21:15:00
redhatcve
redhatcve
CVE-2020-25812
2020-12-02 18:46:53
nvd
nvd
CVE-2020-25812
2020-09-27 21:15:12
friendsofphp
friendsofphp
Unescaped message used in HTML on Special:Contributions
2020-09-24 01:38:27
ubuntucve
ubuntucve
CVE-2020-25812
2020-09-27 00:00:00
debiancve
debiancve
CVE-2020-25812
2020-09-27 21:15:12
cve
cve
CVE-2020-25812
2020-09-27 21:15:12
mageia
mageia
Updated mediawiki packages fix security vulnerability
2020-09-30 13:01:40
openvas
openvas
Mageia: Security Advisory (MGASA-2020-0381)
2022-01-28 00:00:00
Fedora: Security Advisory for php-wikimedia-assert (FEDORA-2020-a4802c53d9)
2020-12-14 00:00:00
Debian: Security Advisory (DSA-4767-1)
2020-09-27 00:00:00
nessus
nessus
Debian DSA-4767-1 : mediawiki - security update
2020-09-28 00:00:00
debian
debian
[SECURITY] [DSA 4767-1] mediawiki security update
2020-09-25 17:43:05
fedora
fedora
[SECURITY] Fedora 33 Update: php-oojs-oojs-ui-0.39.3-1.fc33
2020-12-14 00:59:10
[SECURITY] Fedora 33 Update: php-wikimedia-assert-0.5.0-1.fc33
2020-12-14 00:59:10
[SECURITY] Fedora 33 Update: mediawiki-1.35.0-1.fc33
2020-12-14 00:59:10
altlinux
altlinux
Security fix for the ALT Linux 9 package mediawiki version 1.35.0-alt1
2020-10-14 00:00:00