MediaWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2020-25814 - Vulnerability Database

Medium
Reference: CVE-2020-25814
Title: MediaWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with javascript:payload xss and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (or it does not have a href attribute, or it's empty, etc.). The actual result is that the object contains an <a href="javascript... that executes when clicked.
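
The expected result described above can be enforced with a URL-scheme allowlist at the point where a link is rendered. The following is an added example, not MediaWiki's code or its fix; `safeHref`, `renderLink`, `ALLOWED_SCHEMES` and the `https://wiki.example/` base are assumptions made for illustration.

```javascript
// Added example: scheme allowlist applied before a link is rendered.
// All names here are hypothetical; none of them are MediaWiki APIs.
const ALLOWED_SCHEMES = new Set(['http:', 'https:', 'mailto:']);
const BASE = 'https://wiki.example/'; // constructed base for relative links

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
  }[c]));
}

// Parse the href with the WHATWG URL parser, which normalizes it the way a
// browser does: leading control characters and spaces are stripped, embedded
// tabs/newlines are removed, and the scheme is lowercased. Returns the
// normalized absolute URL, or null when the scheme is not allowlisted.
function safeHref(href) {
  let url;
  try {
    url = new URL(href, BASE);
  } catch (e) {
    return null; // unparseable input is treated as unsafe
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Matches the advisory's expected result: a javascript: target produces no
// <a> element at all, only the escaped label text.
function renderLink(href, label) {
  const text = escapeHtml(label);
  const target = safeHref(href);
  if (target === null) {
    return text;
  }
  // Emit the normalized URL that was checked, not the raw input, so the
  // value validated and the value rendered cannot differ.
  return '<a href="' + escapeHtml(target) + '" rel="nofollow noopener">' +
    text + '</a>';
}
```

Because the check runs on the parsed URL rather than on the raw string, case variations and whitespace inserted into the scheme are rejected along with the plain `javascript:` form.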