CVE-2020-25812

Publication date

2020-09-27 20:25:18

Family

mitre

State

PUBLISHED

Description

An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML.