CVE-2020-25815Cross-site Scripting in Mediawiki

CWE-79Cross-site Scripting6 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
0.4%
top 40.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
MediawikiMediawiki CoreDebian Mediawiki+1 more
Timeline
PublishedSep 27
Latest updateMay 24

Description

An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text().

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

Packagistmediawiki/core1.32.01.34.3+1
debiandebian/mediawiki< mediawiki 1:1.35.0-1 (bookworm)
NVDmediawiki/mediawiki1.32.01.34.4
Debianmediawiki/mediawiki< 1:1.35.0-1+3

Also affects: Fedora 33

Patches

Patch: gerrit.wikimedia.orgPatch: gerrit.wikimedia.org

🔴Vulnerability Details

3
GHSA
MediaWiki Cross-site Scripting (XSS) vulnerability2022-05-24
OSV
MediaWiki Cross-site Scripting (XSS) vulnerability2022-05-24
OSV
CVE-2020-25815: An issue was discovered in MediaWiki 12020-09-27

📋Vendor Advisories

2
Red Hat
mediawiki: LogEventList:: getFiltersDesc is insecurely using message text to build options names for HTML multi-select field2020-09-27
Debian
CVE-2020-25815: mediawiki - An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEve...2020
CVE-2020-25815 — Cross-site Scripting in Mediawiki | cvebase