Advisories ยป MGASA-2020-0167

Updated mediawiki packages fix security vulnerability

Publication date: 15 Apr 2020
Modification date: 15 Apr 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-10960

Description

Updated mediawiki packages fix security vulnerability:

In MediaWiki before 1.31.7, users can add various Cascading Style Sheets
(CSS) classes (which can affect what content is shown or hidden in the
user interface) to arbitrary DOM nodes via HTML content within a MediaWiki
page. This occurs because jquery.makeCollapsible allows applying an event
handler to any Cascading Style Sheets (CSS) selector. There is no known way
to exploit this for cross-site scripting (XSS) (CVE-2020-10960).
                

References

SRPMS

7/core