Lucene search
Veracode Vulnerability DatabaseVERACODE:28382HistoryDec 06, 2020 - 4:19 a.m.
Cross-Site Scripting (XSS)
2020-12-0604:19:39
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
cross-site scripting
mediawiki
vulnerability
injection
arbitrary javascript
jquery object
mw.message().parse()
EPSS
0.001
Percentile
49.1%
MediaWiki is vulnerable to cross-site scripting. An attacker is able to inject and execute arbitrary Javascript in a user’s browser by creating a message with [javascript:payload xss] as a jQuery object with mw.message().parse().
References
lists.fedoraproject.org/archives/list/[email protected]/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/
lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
security-tracker.debian.org/tracker/CVE-2020-25814
www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg
Related
osv
osv
BIT-mediawiki-2020-25814
2024-03-06 11:14:01
CVE-2020-25814
2020-09-27 21:15:12
mediawiki - security update
2020-09-25 00:00:00
prion
prion
Cross site request forgery (csrf)
2020-09-27 21:15:00
friendsofphp
friendsofphp
mw.message.parse() accepts javascript: protocol in wikilinks
2020-09-24 01:25:00
redhatcve
redhatcve
CVE-2020-25814
2020-12-02 18:47:02
ubuntucve
ubuntucve
CVE-2020-25814
2020-09-27 00:00:00
cve
cve
CVE-2020-25814
2020-09-27 21:15:12
cvelist
cvelist
CVE-2020-25814
2020-09-27 20:29:44
debiancve
debiancve
CVE-2020-25814
2020-09-27 21:15:12
nvd
nvd
CVE-2020-25814
2020-09-27 21:15:12
github
github
MediaWiki Cross-site Scripting (XSS) vulnerability
2022-05-24 17:29:42
debian
debian
[SECURITY] [DLA 2379-1] mediawiki security update
2020-09-26 01:26:02
[SECURITY] [DSA 4767-1] mediawiki security update
2020-09-25 17:43:05
openvas
openvas
Debian: Security Advisory (DLA-2379-1)
2020-09-26 00:00:00
Mageia: Security Advisory (MGASA-2020-0381)
2022-01-28 00:00:00
Debian: Security Advisory (DSA-4767-1)
2020-09-27 00:00:00
nessus
nessus
Debian DSA-4767-1 : mediawiki - security update
2020-09-28 00:00:00
mageia
mageia
Updated mediawiki packages fix security vulnerability
2020-09-30 13:01:40
fedora
fedora
[SECURITY] Fedora 33 Update: php-wikimedia-assert-0.5.0-1.fc33
2020-12-14 00:59:10
[SECURITY] Fedora 33 Update: mediawiki-1.35.0-1.fc33
2020-12-14 00:59:10
[SECURITY] Fedora 33 Update: php-zordius-lightncandy-1.2.5-1.fc33
2020-12-14 00:59:10
altlinux
altlinux
Security fix for the ALT Linux 9 package mediawiki version 1.35.0-alt1
2020-10-14 00:00:00