{"vulnerability": "CVE-2020-25814", "sightings": [{"uuid": "ee642b30-8db9-47e9-bf73-19ba5ec2b0cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25814", "type": "seen", "source": "https://t.me/cibsecurity/14911", "content": "\u203c CVE-2020-25814 \u203c\n\nIn MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an  tag (or it does not have a href attribute, or it's empty, etc.). The actual result is that the object contains an &lt;a href =\"javascript... that executes when clicked.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-09-28T00:48:53.000000Z"}]}