CVE-2020-25869
https://notcve.org/view.php?id=CVE-2020-25869
An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Handling of actor ID does not necessarily use the correct database or correct wiki. Se detectó un filtrado de información en MediaWiki versiones anteriores a 1.31.10 y desde 1.32.x hasta 1.34.x anteriores a 1.34.4. El manejo de la identificación del actor no necesariamente usa la base de datos correcta o la wiki correcta • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6 https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html https://phabricator.wikimedia.org/T260485 • CWE-863: Incorrect Authorization •
CVE-2020-25828
https://notcve.org/view.php?id=CVE-2020-25828
An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message().parse() doesn't escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is loaded, it correctly accepts only whitelisted tags in message contents, and escapes all parameters. Situations with an unloaded jqueryMsg are rare in practice, but can for example occur for Special:SpecialPages on a wiki with no extensions installed.) • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6 https://lists.wikimedia.org/pipermail/mediawiki-announce https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-25814
https://notcve.org/view.php?id=CVE-2020-25814
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (or it does not have a href attribute, or it's empty, etc.). The actual result is that the object contains an <a href ="javascript... that executes when clicked. En MediaWiki versiones anteriores a 1.31.10 y desde 1.32.x hasta 1.34.x anteriores a 1.34.4, puede ocurrir un ataque de tipo XSS relacionado con jQuery. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6 https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-26121
https://notcve.org/view.php?id=CVE-2020-26121
An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload restriction and a create restriction. An attacker cannot leverage this to overwrite anything, but can leverage this to force a wiki to have a page with a disallowed title. Se detectó un problema en la extensión FileImporter para MediaWiki versiones anteriores a 1.34.4. • https://commons.wikimedia.org/w/index.php?oldid=454609892#File:Wiki.png https://gerrit.wikimedia.org/r/q/Ib852a96afc4dca10516d0510e69c10f9892b351b https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6 https://phabricator.wikimedia.org/T262628 • CWE-863: Incorrect Authorization •
CVE-2020-26120
https://notcve.org/view.php?id=CVE-2020-26120
XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery's parseHTML method, which can cause image callbacks to fire even without the element being appended to the DOM. Una vulnerabilidad de tipo XSS se presenta en la extensión MobileFrontend para MediaWiki versiones anteriores a 1.34.4 porque section.line es manejada inapropiadamente durante el reemplazo de la línea de la sección de expresiones regulares desde PageGateway. Usando HTML diseñado, un atacante puede provocar un ataque XSS a través del método parseHTML de jQuery, que puede hacer que se activen las devoluciones de llamada de imagen incluso sin que el elemento se agregue al DOM • https://gerrit.wikimedia.org/r/q/I42e079bc875d17b336ab015f3678eaedc26e10ea https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6 https://phabricator.wikimedia.org/T262213 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •