Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Mageia 2020-0167: MediaWiki Security Update for CSS Issue

mageia
Calendar Grey April 15, 2020
Dist Mageia Esm H88
Mageia 2020-0168 addresses urgent vulnerability in MediaWiki impacting CSS functionality in the user interface.

Updated mediawiki packages fix security vulnerability: In MediaWiki before 1.31.7, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is s...

Summary

Updated mediawiki packages fix security vulnerability:
In MediaWiki before 1.31.7, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS) (CVE-2020-10960).

References

- https://bugs.mageia.org/show_bug.cgi?id=26443

- https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/FHLX7QG75B5XNOAJZVGMPZTB3FJJPJLS/

- https://www.cve.org/CVERecord?id=CVE-2020-10960

Topics%20covered

Topics Covered

security advisory update software update cross-site scripting mediawiki Mageia CSS

Resolution

SRPMS

- 7/core/mediawiki-1.31.7-1.mga7

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 15 Apr 2020
URL: https://advisories.mageia.org/MGASA-2020-0167.html
Type: security
CVE: CVE-2020-10960

Topics%20covered

Topics Covered

security advisory update software update cross-site scripting mediawiki Mageia CSS

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here