vulnerability

Debian: CVE-2020-10960: mediawiki -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	Apr 3, 2020	Apr 6, 2020	Aug 15, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Apr 3, 2020

Added

Apr 6, 2020

Modified

Aug 15, 2025

Description

In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS).

Solution

debian-upgrade-mediawiki

References

CVE-2020-10960
https://attackerkb.com/topics/CVE-2020-10960
CWE-74
DEBIAN-DSA-4651-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today