XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery's parseHTML method, which can cause image callbacks to fire even without the element being appended to the DOM.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-09-27T20:07:52
Updated: 2024-08-04T15:49:07.061Z
Reserved: 2020-09-27T00:00:00
Link: CVE-2020-26120
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-09-27T21:15:13.000
Modified: 2023-11-07T03:20:30.253
Link: CVE-2020-26120
Redhat