Lucene search
MitreCVELIST:CVE-2020-25815HistorySep 27, 2020 - 8:27 p.m.
CVE-2020-25815
2020-09-2720:27:14
mitre
www.cve.org
6
mediawiki
logeventlist
insecure
html
field
An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text().
References
gerrit.wikimedia.org/g/mediawiki/core/+/ec76e14be658187544f07c1a249a047e1a75eaf8/includes/logging/LogEventsList.php#214
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/
lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
Related
redhatcve
redhatcve
CVE-2020-25815
2020-12-02 18:46:57
nvd
nvd
CVE-2020-25815
2020-09-27 21:15:12
debiancve
debiancve
CVE-2020-25815
2020-09-27 21:15:12
prion
prion
Code injection
2020-09-27 21:15:00
github
github
MediaWiki Cross-site Scripting (XSS) vulnerability
2022-05-24 17:29:42
cve
cve
CVE-2020-25815
2020-09-27 21:15:12
ubuntucve
ubuntucve
CVE-2020-25815
2020-09-27 00:00:00
friendsofphp
friendsofphp
Unescaped message used in HTML within LogEventsList
2020-09-24 01:38:27
osv
osv
CVE-2020-25815
2020-09-27 21:15:12
BIT-mediawiki-2020-25815
2024-03-06 11:13:59
nessus
nessus
Debian DSA-4767-1 : mediawiki - security update
2020-09-28 00:00:00
debian
debian
[SECURITY] [DSA 4767-1] mediawiki security update
2020-09-25 17:43:05
openvas
openvas
Mageia: Security Advisory (MGASA-2020-0381)
2022-01-28 00:00:00
Fedora: Security Advisory for mediawiki (FEDORA-2020-a4802c53d9)
2020-12-14 00:00:00
Fedora: Security Advisory for php-oojs-oojs-ui (FEDORA-2020-a4802c53d9)
2020-12-14 00:00:00
mageia
mageia
Updated mediawiki packages fix security vulnerability
2020-09-30 13:01:40
fedora
fedora
[SECURITY] Fedora 33 Update: php-zordius-lightncandy-1.2.5-1.fc33
2020-12-14 00:59:10
[SECURITY] Fedora 33 Update: php-wikimedia-assert-0.5.0-1.fc33
2020-12-14 00:59:10
[SECURITY] Fedora 33 Update: mediawiki-1.35.0-1.fc33
2020-12-14 00:59:10
altlinux
altlinux
Security fix for the ALT Linux 9 package mediawiki version 1.35.0-alt1
2020-10-14 00:00:00