Vulnerabilities

CVE-2020-35474

by Fred · 18/12/2020

In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML.

Date published : 2020-12-18

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/

https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html

Similar

Tags: Cybersecurity Alert