CVE-2020-25812

CVSS v3.1 6.1 (Medium)

CVSS v2.0 4.3 (Medium)

EPSS 0.14 % (50^th)

Affected Products 2

Advisories 3

An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML.

Weaknesses

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2020-09-27 21:15:12
(4 years ago)
Updated Date: 2023-11-07 03:20:25
(10 months ago)

Affected Products

Fedoraproject

Fedora

Mediawiki

Mediawiki

Configuration #1

		CPE23	From	Up To
	Mediawiki from 1.34.0 version and prior 1.34.4 version	cpe:2.3:a:mediawiki:mediawiki	>= 1.34.0	< 1.34.4

Configuration #2

		CPE23	From	Up To
	Fedoraproject Fedora 33	cpe:2.3:o:fedoraproject:fedora:33