Skip to content

NuytsTech Security

  • Home
  • Terms of Use
    • Privacy Policy
  • Blog
  • Cloud Hosting
  • Contact

NuytsTech Security

  • Home
  • Terms of Use
    • Privacy Policy
  • Blog
  • Cloud Hosting
  • Contact
  • Vulnerabilities

CVE-2020-25814

by Fred · 27/09/2020

In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an tag (or it does not have a href attribute, or it’s empty, etc.). The actual result is that the object contains an https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/

Share this:

  • Click to share on X (Opens in new window) X
  • Click to share on Bluesky (Opens in new window) Bluesky
  • Click to share on Facebook (Opens in new window) Facebook
  • Click to share on LinkedIn (Opens in new window) LinkedIn
  • Click to share on Threads (Opens in new window) Threads
  • Click to share on Mastodon (Opens in new window) Mastodon

Similar

Tags: Cybersecurity Alert

  • Next story CVE-2020-24562
  • Previous story CVE-2020-26117

Recent Posts

  • CVE-2025-6081
  • CVE-2025-5967
  • CVE-2025-6940
  • CVE-2025-6939
  • CVE-2025-6938
  • CVE-2025-53096
  • CVE-2025-53095
  • CVE-2025-53003
  • CVE-2025-6937
  • CVE-2025-53005
  • CVE-2025-36056
  • CVE-2025-2141
  • CVE-2025-6936
  • CVE-2025-6935
  • CVE-2025-6932
  • CVE-2025-6931
  • CVE-2025-6930
  • CVE-2025-6554
  • CVE-2025-6929
  • CVE-2025-53004
  • CVE-2025-49521
  • CVE-2025-49520
  • CVE-2025-32463
  • CVE-2025-32462
  • CVE-2025-52997
  • CVE-2025-52996
  • CVE-2025-52995
  • CVE-2025-52901
  • CVE-2025-52491
  • CVE-2025-49493

Categories

  • Critical cyberalert
  • Vulnerabilities

Tags

CISA Cybersecurity Alert Shields Up

© 1999-2025 NUYTSTECH. All Rights Reserved. Use of the CVE (Common Vulnerabilities and Exposures) from this non-profit website are subject to the terms of use.

We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.