1. Home
  2. Security Advisories
  3. PHP (Composer)
  4. PHP:MEDIAWIKI-CORE-2020-25828

[PHP:MEDIAWIKI-CORE-2020-25828] Non-jqueryMsg version of mw.message(…).parse() doesn't escape HTML

Severity Medium
Affected Packages 3
CVEs 1
Info Packages References Vulnerabilities
Non-jqueryMsg version of mw.message(…).parse() doesn't escape HTML
Package Affected Version
pkg:composer/mediawiki/core >= 1.31.0, < 1.31.9
pkg:composer/mediawiki/core >= 1.34.99, < 1.35.0
pkg:composer/mediawiki/core >= 1.34.0, < 1.34.3
ID
PHP:MEDIAWIKI-CORE-2020-25828
Severity
medium
Severity from
CVE-2020-25828
URL
https://phabricator.wikimedia.org/T115888
Published
2020-09-24T01:26:41
(4 years ago)
Modified
2020-10-19T19:26:52
(3 years ago)
Rights
PHP Security Advisories Database Team
Other Advisories
Source # ID Name URL
Security Advisory https://phabricator.wikimedia.org/T115888
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:composer/mediawiki/core mediawiki core >= 1.31.0 < 1.31.9
Affected pkg:composer/mediawiki/core mediawiki core >= 1.34.99 < 1.35.0
Affected pkg:composer/mediawiki/core mediawiki core >= 1.34.0 < 1.34.3
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date