
Test ID: 1.3.6.1.4.1.25623.1.0.144681
Category: Web application abuses
Title: MediaWiki Multiple Vulnerabilities - September20 (Linux)
Summary: MediaWiki is prone to multiple vulnerabilities.
Description:
Summary:
MediaWiki is prone to multiple vulnerabilities.

Vulnerability Insight:
The following vulnerabilities were fixed:

- SpecialUserrights: If a viewer lacks 'hideuser', ignore hidden users (CVE-2020-25813)

- Unescaped message used in HTML on Special:Contributions (CVE-2020-25812)

- Unescaped message used in HTML within LogEventsList (CVE-2020-25815)

- Prevent invoking firejail's --output functionality (CVE-2020-17367, CVE-2020-17368)

- mediawiki.jqueryMsg: Sanitize URLs and 'style' attribute (CVE-2020-25814)

- Escape HTML in mw.message( ... ).parse() (CVE-2020-25828)

- ActorMigration: Load user from the correct database (CVE-2020-25869)

- Ensure actor ID from correct wiki is used (CVE-2020-25869)

- TOTP throttle not enforced cross-wiki (CVE-2020-25827)

- XSS in the MobileFrontend extension (CVE-2020-26120)

- An issue was discovered in the FileImporter extension (CVE-2020-26121)

Affected Software/OS:
MediaWiki versions before 1.31.10 and 1.34.4.

Solution:
Update to version 1.31.10, 1.34.4 or later.

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2020-25813
Common Vulnerability Exposure (CVE) ID: CVE-2020-25812
Common Vulnerability Exposure (CVE) ID: CVE-2020-25815
Common Vulnerability Exposure (CVE) ID: CVE-2020-17367
Common Vulnerability Exposure (CVE) ID: CVE-2020-17368
Common Vulnerability Exposure (CVE) ID: CVE-2020-25814
Common Vulnerability Exposure (CVE) ID: CVE-2020-25828
Common Vulnerability Exposure (CVE) ID: CVE-2020-25869
Common Vulnerability Exposure (CVE) ID: CVE-2020-25827
Common Vulnerability Exposure (CVE) ID: CVE-2020-26120
Common Vulnerability Exposure (CVE) ID: CVE-2020-26121
Copyright: Copyright (C) 2020 Greenbone Networks GmbH





© 1998-2020 E-Soft Inc. All rights reserved.