CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS
Percentile: 54.5%

An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through
1.34.x before 1.34.4. The non-jqueryMsg version of mw.message().parse()
doesn’t escape HTML. This affects both message contents (which are
generally safe) and the parameters (which can be based on user input).
(When jqueryMsg is loaded, it correctly accepts only whitelisted tags in
message contents, and escapes all parameters. Situations with an unloaded
jqueryMsg are rare in practice, but can for example occur for
Special:SpecialPages on a wiki with no extensions installed.)
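
The difference between the two behaviours described above, as an added example that is not MediaWiki code: a simplified model in which parseUnescaped substitutes parameters as-is, while parseEscaped keeps only allowlisted tags in the message content and escapes every parameter. The function names, the tag allowlist and the sample message are assumptions made for illustration.

```javascript
// Simplified model of the two behaviours in the description; NOT MediaWiki source.
// All function names are hypothetical, and the allowlist below is an assumption.
const ALLOWED_TAGS = new Set(['b', 'i', 'em', 'strong']);

function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#039;');
}

// Vulnerable shape: $1, $2 ... are substituted and the result is used as HTML.
function parseUnescaped(template, params) {
  return template.replace(/\$(\d+)/g, (m, n) =>
    Number(n) >= 1 && Number(n) <= params.length ? String(params[n - 1]) : m);
}

// Hardened shape: message content keeps only attribute-free allowlisted tags,
// all other message text is escaped, and every parameter is escaped.
function parseEscaped(template, params) {
  const token = /\$(\d+)|<(\/?)([a-zA-Z][a-zA-Z0-9]*)>/g;
  let out = '';
  let last = 0;
  for (const m of template.matchAll(token)) {
    out += escapeHtml(template.slice(last, m.index));
    last = m.index + m[0].length;
    if (m[1] !== undefined) {
      const i = Number(m[1]);
      out += i >= 1 && i <= params.length ? escapeHtml(params[i - 1]) : m[0];
    } else if (ALLOWED_TAGS.has(m[3].toLowerCase())) {
      out += `<${m[2]}${m[3].toLowerCase()}>`;
    } else {
      out += escapeHtml(m[0]);
    }
  }
  return out + escapeHtml(template.slice(last));
}

// Constructed sample input: a message whose parameter carries user-supplied markup.
const template = 'Hello <b>$1</b>, welcome to <blink>$2</blink>';
const params = ['<img src=x onerror=alert(1)>', 'Example & Co'];

console.log(parseUnescaped(template, params)); // parameter markup survives intact
console.log(parseEscaped(template, params));   // parameter markup is inert text
```
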
launchpad.net/bugs/cve/CVE-2020-25828
lists.wikimedia.org/pipermail/mediawiki-announce
lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
nvd.nist.gov/vuln/detail/CVE-2020-25828
phabricator.wikimedia.org/T115888
security-tracker.debian.org/tracker/CVE-2020-25828
www.cve.org/CVERecord?id=CVE-2020-25828