CVE-2020-6163

The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.mustache+dom file).

packagechannelchannel versionpkg versionstatus
mediawiki
nixos-unstable
2020-11-21 17:05:25 UTC (a322b3)1.35.0vulnerable
2020-11-21 10:55:23 UTC (662528)1.35.0vulnerable
2020-11-20 00:35:36 UTC (069f18)1.35.0vulnerable
2020-11-15 21:10:35 UTC (2deeb5)1.35.0vulnerable
2020-11-13 02:15:20 UTC (a371c1)1.35.0vulnerable
2020-11-11 00:50:18 UTC (b839d4)1.35.0vulnerable
2020-11-08 14:00:30 UTC (a52e97)1.35.0vulnerable
2020-11-03 18:20:15 UTC (34ad16)1.35.0vulnerable
2020-10-28 04:50:21 UTC (1dc373)1.35.0vulnerable
2020-10-27 00:41:02 UTC (5d0e2d)1.35.0vulnerable