Vulnerabilities

CVE-2020-35478

by Fred · 18/12/2020

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink(). This affects MediaWiki 1.33.0 and later.

Date published : 2020-12-18

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/

https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html

Similar

Tags: Cybersecurity Alert