Unrated severityNVD Advisory· Published Oct 28, 2020· Updated Aug 4, 2024

CVE-2020-27957

Description

The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data. When certain varieties of games were created within MediaWiki, their names or titles could be manipulated to generate stored XSS within the RandomGameUnit extension.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

MediaWiki/MediaWikidescription
MediaWiki/RandomGameUnitllm-create
osv-coords
pkg:bitnami/mediawiki
Range: < 1.35.1

Patches

Vulnerability mechanics

References

gerrit.wikimedia.org/r/q/I497d2076038f75c9eb77e0e250f2af56f5bd2bfcmitrex_refsource_MISC
phabricator.wikimedia.org/T266400mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000