CVE-2020-26120 – XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.lin …

27 September 2020

Vuln ID: CVE-2020-26120

Published: 2020-09-27 21:15:13Z

Description: XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery’s parseHTML method, which can cause image callbacks to fire even without the element being appended to the DOM.

Source: NVD.NIST.GOV

Date:

27 September 2020

Categorie(s):

NVD

Tag(s):

NVD

From Hackers to Streakers – How Counterintelligence Teams are Protecting the NFL – Joe McMann – ESW #35819 April 2024
Cybersecurity firm Wiz reportedly in talks to buy Lacework for $150M-$200M19 April 2024
Microsoft finds Kubernetes clusters targeted by OpenMetadata exploits18 April 2024
6 Best Free and Open-Source Web Application Firewalls18 April 2024
Ransomware feared as IT ‘issues’ force Octapharma Plasma to close 150+ centers18 April 2024