PT-2020-16880 · Wikimedia+2 · Mediawiki+2
Ashley · Published 2020-10-10 · Updated 2024-03-06 · CVE-2020-27957
CVSS v3.1: 5.4 Medium (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Name of the Vulnerable Software and Affected Versions
MediaWiki extension RandomGameUnit versions through 1.35
Description
The issue concerns the RandomGameUnit extension for MediaWiki, where certain title-related data was not properly escaped. As a result, game names or titles could be manipulated to produce stored XSS within the extension when specific types of games were created.
Recommendations
For versions through 1.35, consider disabling the RandomGameUnit extension until a proper fix is available to prevent potential stored XSS attacks. Restrict access to game creation features to minimize the risk of exploitation.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Mediawiki
Randomgameunit