Lucene search
GoogleOSV:CVE-2020-25812HistorySep 27, 2020 - 9:15 p.m.
CVE-2020-25812
2020-09-2721:15:12
Google
osv.dev
8
mediawiki
special:contributions
xss
An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML.
References
gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/
lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
Related
github
github
MediaWiki Cross-site Scripting (XSS) vulnerability
2022-05-24 17:29:41
redhatcve
redhatcve
CVE-2020-25812
2020-12-02 18:46:53
friendsofphp
friendsofphp
Unescaped message used in HTML on Special:Contributions
2020-09-24 01:38:27
nvd
nvd
CVE-2020-25812
2020-09-27 21:15:12
ubuntucve
ubuntucve
CVE-2020-25812
2020-09-27 00:00:00
osv
osv
BIT-mediawiki-2020-25812
2024-03-06 11:14:03
mediawiki - security update
2020-09-25 00:00:00
cve
cve
CVE-2020-25812
2020-09-27 21:15:12
debiancve
debiancve
CVE-2020-25812
2020-09-27 21:15:12
veracode
veracode
Cross-site Scripting (XSS)
2020-12-06 04:19:40
prion
prion
Design/Logic Flaw
2020-09-27 21:15:00
cvelist
cvelist
CVE-2020-25812
2020-09-27 20:25:18
nessus
nessus
Debian DSA-4767-1 : mediawiki - security update
2020-09-28 00:00:00
debian
debian
[SECURITY] [DSA 4767-1] mediawiki security update
2020-09-25 17:43:05
openvas
openvas
Mageia: Security Advisory (MGASA-2020-0381)
2022-01-28 00:00:00
Debian: Security Advisory (DSA-4767-1)
2020-09-27 00:00:00
Fedora: Security Advisory for mediawiki (FEDORA-2020-a4802c53d9)
2020-12-14 00:00:00
mageia
mageia
Updated mediawiki packages fix security vulnerability
2020-09-30 13:01:40
fedora
fedora
[SECURITY] Fedora 33 Update: php-zordius-lightncandy-1.2.5-1.fc33
2020-12-14 00:59:10
[SECURITY] Fedora 33 Update: php-wikimedia-assert-0.5.0-1.fc33
2020-12-14 00:59:10
[SECURITY] Fedora 33 Update: mediawiki-1.35.0-1.fc33
2020-12-14 00:59:10
altlinux
altlinux
Security fix for the ALT Linux 9 package mediawiki version 1.35.0-alt1
2020-10-14 00:00:00