CVE-2020-26120

CVE-2020-26120

XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery’s parseHTML method, which can cause image callbacks to fire even without the element being appended to the DOM.

Source: CVE-2020-26120

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다