CVE-2020-6163

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions WikibaseMediaInfo extension version 1.35

Description The issue arises from improper template syntax within the PropertySuggestionsWidget template, specifically in the templates/search/PropertySuggestionsWidget.mustache+dom file, allowing for XSS.

Recommendations For WikibaseMediaInfo extension version 1.35, consider updating the PropertySuggestionsWidget template to correct the improper syntax and prevent XSS attacks. As a temporary workaround, restrict access to the PropertySuggestionsWidget template until a proper fix is applied.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BIT-MEDIAWIKI-2020-6163

CVE-2020-6163

Affected Products

Wikibasemediainfo

CVE-2020-6163

Weakness Enumeration

Related Identifiers

Affected Products

References · 5