CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Mediawiki: >> Skin >> cosmos Security Vulnerabilities

CVE-2020-27620

The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. This is related to wfMessage and Html::rawElement, as demonstrated by CosmosSocialProfile::getUserGroups.

CVSS Score

6.1

EPSS Score

0.005

Published

2020-10-22

Page 1

Vulnerabilities

Vulnerable Software

Mediawiki: >> Skin >> cosmos Security Vulnerabilities

Products

Pricing

Contact Us