CVE-2020-10960Injection in Mediawiki

CWE-74InjectionCWE-138Improper Neutralization of Special ElementsCWE-116Improper Encoding or Escaping of Output8 documents6 sources
Severity
5.3MEDIUMNVD
EPSS
0.2%
top 56.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
MediawikiMediawiki CoreDebian Mediawiki
Timeline
PublishedApr 3
Latest updateMay 24

Description

In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

Packagistmediawiki/core1.31.01.31.7+2
debiandebian/mediawiki< mediawiki 1:1.31.7-1 (bookworm)
NVDmediawiki/mediawiki< 1.34.1
Debianmediawiki/mediawiki< 1:1.31.7-1+3

Patches

Patch: lists.wikimedia.orgPatch: lists.wikimedia.org

🔴Vulnerability Details

3
GHSA
MediaWiki makeCollapsible allows applying event handler to any CSS selector2022-05-24
OSV
MediaWiki makeCollapsible allows applying event handler to any CSS selector2022-05-24
OSV
CVE-2020-10960: In MediaWiki before 12020-04-03

📋Vendor Advisories

2
Red Hat
mediawiki: makeCollapsible allows applying event handler to any CSS selector2020-03-02
Debian
CVE-2020-10960: mediawiki - In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) c...2020

💬Community

2
Bugzilla
CVE-2020-10960 mediawiki: makeCollapsible allows applying event handler to any CSS selector [fedora-all]2020-04-20
Bugzilla
CVE-2020-10960 mediawiki: makeCollapsible allows applying event handler to any CSS selector2020-04-20
CVE-2020-10960 — Injection in Mediawiki | cvebase