Stored XSS Vulnerability in RandomGameUnit Extension for MediaWiki

Stored XSS Vulnerability in RandomGameUnit Extension for MediaWiki

CVE-2020-27957 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data. When certain varieties of games were created within MediaWiki, their names or titles could be manipulated to generate stored XSS within the RandomGameUnit extension.

Learn more about our Api Penetration Testing.