Moderate severityNVD Advisory· Published Apr 3, 2020· Updated Aug 4, 2024
CVE-2020-10960
CVE-2020-10960
Description
In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mediawiki/corePackagist | >= 1.31.0, < 1.31.7 | 1.31.7 |
mediawiki/corePackagist | >= 1.33.0, < 1.33.3 | 1.33.3 |
mediawiki/corePackagist | >= 1.34.0, < 1.34.1 | 1.34.1 |
Affected products
3- MediaWiki/MediaWikidescription
- osv-coords2 versions
< 1.34.1+ 1 more
- (no CPE)range: < 1.34.1
- (no CPE)range: >= 1.31.0, < 1.31.7
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-pfm2-mqwj-ggm5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-10960ghsaADVISORY
- github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-10960.yamlghsaWEB
- lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.htmlghsax_refsource_CONFIRMWEB
- phabricator.wikimedia.org/T246602ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.