Description

An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML.

Remediation

References

CVE-2020-25812

Related Vulnerabilities

Oracle Database Server CVE-2006-5341 Vulnerability (CVE-2006-5341)

WordPress Plugin Animate It! Cross-Site Request Forgery (2.3.5)

Joomla! Core Security Bypass (2.5.0 - 3.8.7)

Oracle Database Server CVE-2018-2841 Vulnerability (CVE-2018-2841)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-14239)

Severity

Medium

Classification

CVE-2020-25812 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities