MGASA-2020-0167

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0167.html

Import Source

https://advisories.mageia.org/MGASA-2020-0167.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2020-0167

Related

CVE-2020-10960

Published

2020-04-15T10:12:14Z

Modified

2020-04-15T09:44:40Z

Summary

Updated mediawiki packages fix security vulnerability

Details

Updated mediawiki packages fix security vulnerability:

In MediaWiki before 1.31.7, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS) (CVE-2020-10960).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / mediawiki

Package

Name: mediawiki
Purl: pkg:rpm/mageia/mediawiki?arch=source&distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.31.7-1.mga7

Ecosystem specific

{
    "section": "core"
}