CVE-2020-25828Cross-site Scripting in Mediawiki

CWE-79Cross-site Scripting6 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
0.4%
top 40.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
MediawikiMediawiki CoreDebian Mediawiki+1 more
Timeline
PublishedSep 27
Latest updateMay 24

Description

An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message().parse() doesn't escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is loaded, it correctly accepts only whitelisted tags in message contents, and escapes all parameters. Situations with an unloaded jqueryMsg are rare in practice, but can for example occur for Special:Sp

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

Packagistmediawiki/core1.31.01.31.9+2
debiandebian/mediawiki< mediawiki 1:1.35.0-1 (bookworm)
NVDmediawiki/mediawiki1.32.01.34.4+1
Debianmediawiki/mediawiki< 1:1.35.0-1+3

Also affects: Fedora 33

🔴Vulnerability Details

3
GHSA
MediaWiki Cross-site Scripting (XSS) vulnerability2022-05-24
OSV
MediaWiki Cross-site Scripting (XSS) vulnerability2022-05-24
OSV
CVE-2020-25828: An issue was discovered in MediaWiki before 12020-09-27

📋Vendor Advisories

2
Red Hat
mediawiki: non-jqueryMsg version of mw.message().parse() doesn't escape HTML leads to XSS2020-09-27
Debian
CVE-2020-25828: mediawiki - An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x be...2020
CVE-2020-25828 — Cross-site Scripting in Mediawiki | cvebase