exploitDog

CVE-2020-10960

Published: 02 Mar 2020
Source: redhat
CVSS3: 5.3

Description

In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS).

A flaw was found in MediaWiki, where many CSS stylesheets were applied freely to user Wiki pages. This flaw allows an attacker with the ability to create Wiki pages to hide HTML elements that they should not have access permissions to control.

Report

The MediaWiki Ansible Playbook has been removed from OpenShift Container Platform in the 4.3 release.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.11 | mediawiki | Will not fix | | |
| Red Hat OpenShift Container Platform 4 | mediawiki | Will not fix | | |

Additional information

Status: Moderate
Defect: CWE-138
https://bugzilla.redhat.com/show_bug.cgi?id=1826076 mediawiki: makeCollapsible allows applying event handler to any CSS selector

5.3 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.3
ubuntu
almost 6 years ago

In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS).

CVSS3: 5.3
nvd
almost 6 years ago

In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS).

CVSS3: 5.3
debian
almost 6 years ago

In MediaWiki before 1.34.1, users can add various Cascading Style Shee ...

CVSS3: 5.3
github
more than 3 years ago

MediaWiki makeCollapsible allows applying event handler to any CSS selector

CVSS3: 5.3
fstec
almost 6 years ago

A vulnerability in a component of the MediaWiki hypertext environment software, related to a flaw in the output encoding or escaping mechanism, which allows an attacker to affect data integrity
