Vulnerabilities

CVE-2020-35479

by Fred · 18/12/2020

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later.

Date published : 2020-12-18

https://www.debian.org/security/2020/dsa-4816

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/

Similar

Tags: Cybersecurity Alert