VDB

GCVE-110-MAGEIA-2020-167

GCVE-110-MAGEIA-2020-167
Advisory Published
Vulnetix · Advisory published April 15, 2020
Updated mediawiki packages fix security vulnerability: In MediaWiki before 1.31.7, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS) (CVE-2020-10960).

Affected Products

VendorProductVersionsPlatforms
Mageiamediawiki0 (affected), 1.31.7-1.mga7 (unaffected), 0 (affected), 1.31.7-1.mga7 (unaffected)
Mageiaxfsprogs0 (affected), 5.7.0-1.mga7 (unaffected)

Browse GCVE Records

72,337 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›