Unrated severityNVD Advisory· Published Oct 22, 2020· Updated Aug 4, 2024
CVE-2020-27620
CVE-2020-27620
Description
The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. This is related to wfMessage and Html::rawElement, as demonstrated by CosmosSocialProfile::getUserGroups.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- MediaWiki/Cosmos Skin for MediaWikidescription
Patches
Vulnerability mechanics
References
4- gerrit.wikimedia.org/r/c/mediawiki/skins/Cosmos/+/634749mitrex_refsource_MISC
- gerrit.wikimedia.org/r/c/mediawiki/skins/Cosmos/+/634751mitrex_refsource_MISC
- gerrit.wikimedia.org/r/c/mediawiki/skins/Cosmos/+/634752mitrex_refsource_MISC
- phabricator.wikimedia.org/T265440mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.