Vulnerability Details CVE-2020-27620
The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. This is related to wfMessage and Html::rawElement, as demonstrated by CosmosSocialProfile::getUserGroups.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.3%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://gerrit.wikimedia.org/r/c/mediawiki/skins/Cosmos/+/634749
- https://gerrit.wikimedia.org/r/c/mediawiki/skins/Cosmos/+/634751
- https://gerrit.wikimedia.org/r/c/mediawiki/skins/Cosmos/+/634752
- https://phabricator.wikimedia.org/T265440
- https://gerrit.wikimedia.org/r/c/mediawiki/skins/Cosmos/+/634749
- https://gerrit.wikimedia.org/r/c/mediawiki/skins/Cosmos/+/634751
- https://gerrit.wikimedia.org/r/c/mediawiki/skins/Cosmos/+/634752
- https://phabricator.wikimedia.org/T265440