CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-6163

The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.mustache+dom file).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 55.1%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://gerrit.wikimedia.org/r/558203
https://phabricator.wikimedia.org/T240773
https://gerrit.wikimedia.org/r/558203
https://phabricator.wikimedia.org/T240773

Products affected by CVE-2020-6163

Mediawiki » Mediawiki » Version: 1.35

cpe:2.3:a:mediawiki:mediawiki:1.35

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-6163

Products

Pricing

Contact Us