VYPR
Medium severity5.3NVD Advisory· Published Apr 3, 2020· Updated Jun 17, 2026

CVE-2020-10960

CVE-2020-10960

Description

In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
mediawiki/corePackagist
>= 1.31.0, < 1.31.71.31.7
mediawiki/corePackagist
>= 1.33.0, < 1.33.31.33.3
mediawiki/corePackagist
>= 1.34.0, < 1.34.11.34.1

Affected products

3

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.