CVE-2020-6163

MEDIUM

WikibaseMediaInfo extension 1.35 - XSS

Title source: llm
STIX 2.1

Description

The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.mustache+dom file).

References (2)

Core 2
Core References
Patch, Third Party Advisory x_refsource_misc
https://phabricator.wikimedia.org/T240773
Third Party Advisory x_refsource_misc
https://gerrit.wikimedia.org/r/558203

Scores

CVSS v3 6.1
EPSS 0.0033
EPSS Percentile 55.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
mediawiki/mediawiki 1.35
Published Jan 08, 2020
Tracked Since Feb 18, 2026