Ivanti Acquires Two Security Companies

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-26120 PUBLISHED: 2020-09-27

XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery's parseHTML method, which can cause image callbacks to fire even witho...

CVE-2020-26121 PUBLISHED: 2020-09-27

An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an uploa...

CVE-2020-25812 PUBLISHED: 2020-09-27

An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML.

CVE-2020-25813 PUBLISHED: 2020-09-27

In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users.

CVE-2020-25814 PUBLISHED: 2020-09-27

In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns ..