CVE-2020-10960 – In MediaWiki before 1.34.1, users can add various Cascading Style Sheets

March 7, 2022

In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS).

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10960

Reference (s):

https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html
https://phabricator.wikimedia.org/T246602

CVE-2020-10960 – In MediaWiki before 1.34.1, users can add various Cascading Style Sheets

Something Fresh

CVE-2004-1715 - Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 all

CVE-2020-27216 - In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 1

CVE-2020-27212 - STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect acce

What People Reading

CVE-2020-11610 - An issue was discovered in xdLocalStorage through 2.0.5. The postData() f

CVE-2020-27199 - The Magic Home Pro application 1.5.1 for Android allows Authentication By

CVE-2020-27216 - In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 1

CVE-2015-0320 - Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and

CVE-2020-27212 - STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect acce

Categories

Partners

Just add here your partners image or promo text

CVE-2020-10960 – In MediaWiki before 1.34.1, users can add various Cascading Style Sheets

Related posts

Something Fresh

What People Reading

Categories

Partners

Just add here your partners image or promo text