Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wZm0yLW1xd2otZ2dtNc4AAkIZ
MediaWiki makeCollapsible allows applying event handler to any CSS selector
In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS).
Permalink: https://github.com/advisories/GHSA-pfm2-mqwj-ggm5
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wZm0yLW1xd2otZ2dtNc4AAkIZ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 10 months ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Percentage: 0.00119
EPSS Percentile: 0.46673
Identifiers: GHSA-pfm2-mqwj-ggm5, CVE-2020-10960
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-10960
- https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html
- https://phabricator.wikimedia.org/T246602
- https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-10960.yaml
- https://github.com/advisories/GHSA-pfm2-mqwj-ggm5
Affected Packages
packagist:mediawiki/core
Dependent packages: 4
Dependent repositories: 10
Downloads: 3,051 total
Affected Version Ranges: >= 1.34.0, < 1.34.1; >= 1.33.0, < 1.33.3; >= 1.31.0, < 1.31.7
Fixed in: 1.34.1, 1.33.3, 1.31.7
All affected versions: 1.31.0, 1.31.1, 1.31.2, 1.31.3, 1.31.4, 1.31.5, 1.31.6, 1.33.0, 1.33.1, 1.33.2, 1.34.0
All unaffected versions: 1.20.3, 1.20.4, 1.20.5, 1.20.6, 1.20.7, 1.20.8, 1.21.0, 1.21.1, 1.21.2, 1.21.3, 1.21.4, 1.21.5, 1.21.6, 1.21.7, 1.21.8, 1.21.9, 1.21.10, 1.21.11, 1.24.0, 1.24.1, 1.24.2, 1.24.3, 1.24.4, 1.24.5, 1.24.6, 1.25.0, 1.25.1, 1.25.2, 1.25.3, 1.25.4, 1.25.5, 1.25.6, 1.26.0, 1.26.1, 1.26.2, 1.26.3, 1.26.4, 1.27.0, 1.27.1, 1.27.2, 1.27.3, 1.27.4, 1.27.5, 1.27.6, 1.27.7, 1.28.0, 1.28.1, 1.28.2, 1.28.3, 1.29.0, 1.29.1, 1.29.2, 1.29.3, 1.30.0, 1.30.1, 1.30.2, 1.31.7, 1.31.8, 1.31.9, 1.31.10, 1.31.11, 1.31.12, 1.31.13, 1.31.14, 1.31.15, 1.31.16, 1.32.0, 1.32.1, 1.32.2, 1.32.3, 1.32.4, 1.32.5, 1.32.6, 1.33.3, 1.33.4, 1.34.1, 1.34.2, 1.34.3, 1.34.4, 1.35.0, 1.35.1, 1.35.2, 1.35.3, 1.35.4, 1.35.5, 1.35.6, 1.35.7, 1.35.8, 1.35.9, 1.35.10, 1.35.11, 1.35.12, 1.35.13, 1.35.14, 1.36.0, 1.36.1, 1.36.2, 1.36.3, 1.36.4, 1.37.0, 1.37.1, 1.37.2, 1.37.3, 1.37.4, 1.37.5, 1.37.6, 1.38.0, 1.38.1, 1.38.2, 1.38.3, 1.38.4, 1.38.5, 1.38.6, 1.38.7, 1.39.0, 1.39.1, 1.39.2, 1.39.3, 1.39.4, 1.39.5, 1.39.6, 1.39.7, 1.39.8, 1.39.9, 1.39.10, 1.40.0, 1.40.1, 1.40.2, 1.40.3, 1.40.4, 1.41.0, 1.41.1, 1.41.2, 1.41.3, 1.41.4, 1.42.0, 1.42.1, 1.42.2, 1.42.3