Unrated severityNVD Advisory· Published Sep 27, 2020· Updated Aug 4, 2024
CVE-2020-26120
CVE-2020-26120
Description
XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery's parseHTML method, which can cause image callbacks to fire even without the element being appended to the DOM.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- MediaWiki/MobileFrontenddescription
- Range: <1.34.4
Patches
Vulnerability mechanics
References
3- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/mitrevendor-advisoryx_refsource_FEDORA
- gerrit.wikimedia.org/r/q/I42e079bc875d17b336ab015f3678eaedc26e10eamitrex_refsource_MISC
- phabricator.wikimedia.org/T262213mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.