CVE-2020-10960: 
PHP vulnerability analysis and mitigation

CVE-2020-10960 affects MediaWiki before version 1.34.1, where users could add various Cascading Style Sheets (CSS) classes which could affect what content is shown or hidden in the application. The vulnerability was discovered and disclosed in March 2020, with patches released as part of MediaWiki versions 1.31.7, 1.33.3, and 1.34.1 (MediaWiki Release).

The vulnerability allowed users to manipulate CSS classes that control content visibility within MediaWiki installations. This could potentially lead to unauthorized control over content display and hiding mechanisms in the application. The issue was addressed in the security maintenance release of MediaWiki 1.34.1, along with other versions including 1.31.7 and 1.33.3 (MediaWiki Release).

The vulnerability could allow attackers to manipulate content visibility through CSS class manipulation, potentially affecting the display or hiding of content in MediaWiki installations. This could lead to unauthorized control over content presentation and potentially impact the integrity of wiki page displays (MediaWiki Release).

The vulnerability was patched in MediaWiki versions 1.31.7, 1.33.3, and 1.34.1. Users were advised to upgrade to these versions to address the security issue. The developers noted that due to the minor nature of the vulnerability, immediate patching was not critical if organizations were unable to update immediately (MediaWiki Release).