Miggo Logo
Miggo Vulnerability Database
CVE-2020-25815

CVE-2020-25815: MediaWiki Cross-site Scripting (XSS) vulnerability

6.1

CVSS Score
3.1

Basic Information

CVE ID
CVE-2020-25815
GHSA ID
GHSA-2f58-vf6g-6p8x
EPSS Score
0.57351%
CWE
CWE-79
Published
5/24/2022
Updated
5/17/2024
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
mediawiki/corecomposer>= 1.32.0, < 1.34.31.34.3
mediawiki/corecomposer>= 1.35.0-rc.0, < 1.35.01.35.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability description explicitly identifies LogEventList::getFiltersDesc as the source of insecure message handling. The provided code diff shows it originally used $message->text() to populate HTML options, which doesn't escape special characters. The security patch replaced this with 'options-messages' (which auto-escapes) and removed fallback logic for legacy messages, confirming the XSS vector was in this function's output generation.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n issu* w*s *is*ov*r** in M**i*Wiki *.**.x t*rou** *.**.x ***or* *.**.*. Lo**v*ntList::**t*ilt*rs**s* is ins**ur*ly usin* m*ss*** t*xt to *uil* options n*m*s *or *n *TML multi-s*l**t *i*l*. T** r*l*v*nt *o** s*oul* us* *s**p**() inst*** o* t*xt().

Reasoning

T** vuln*r**ility **s*ription *xpli*itly i**nti*i*s `Lo**v*ntList::**t*ilt*rs**s*` *s t** sour** o* ins**ur* m*ss*** **n*lin*. T** provi*** *o** *i** s*ows it ori*in*lly us** `$m*ss***->t*xt()` to popul*t* *TML options, w*i** *o*sn't *s**p* sp**i*l *