Search for vulnerabilities
| Vulnerability ID | VCID-9444-32xj-6yep |
| Aliases |
CVE-2020-10960
GHSA-pfm2-mqwj-ggm5 |
| Summary | MediaWiki makeCollapsible allows applying event handler to any CSS selector In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS). |
| Status | Published |
| Exploitability | None |
| Weighted Severity | None |
| Risk | None |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| cvssv3 | 5.3 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10960.json |
| epss | 0.0029 | https://api.first.org/data/v1/epss?cve=CVE-2020-10960 |
| cvssv3.1 | 5.3 | https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-10960.yaml |
| generic_textual | MODERATE | https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-10960.yaml |
| cvssv3.1 | 5.3 | https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html |
| generic_textual | MODERATE | https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html |
| cvssv3.1 | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-10960 |
| generic_textual | MODERATE | https://nvd.nist.gov/vuln/detail/CVE-2020-10960 |
| cvssv3.1 | 5.3 | https://phabricator.wikimedia.org/T246602 |
| generic_textual | MODERATE | https://phabricator.wikimedia.org/T246602 |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Percentile | 0.52023 |
| EPSS Score | 0.0029 |
| Published At | June 30, 2025, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2025-07-01T12:28:01.700806+00:00 | GithubOSV Importer | Import | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pfm2-mqwj-ggm5/GHSA-pfm2-mqwj-ggm5.json | 36.1.3 |