CVE-2020-25814 – In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery …

27 September 2020

Vuln ID: CVE-2020-25814

Published: 2020-09-27 21:15:12Z

Description: In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (or it does not have a href attribute, or it’s empty, etc.). The actual result is that the object contains an <a href ="javascript… that executes when clicked.

Source: NVD.NIST.GOV

Date:

27 September 2020

Categorie(s):

NVD

Tag(s):

NVD

Node.js in Security? Don’t Get Hacked – Secure Your Code Now! 25 April 2024
Authorities Warned that Hackers Are Exploiting Flaws in CISCO ASA VPNs25 April 2024
Hackers Exploit Cisco Firewall Zero-Days to Hack Government Networks25 April 2024
A Comprehensive Cyber Guide: Best Practices for Small Businesses25 April 2024
Applying DevSecOps principles to machine learning workloads25 April 2024