Back to search
CVE-2020-35479
Published: Dec 18, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://phabricator.wikimedia.org/T268938
x_refsource_MISC
DSA-4816
vendor-advisory
x_refsource_DEBIAN
[debian-lts-announce] 20201223 [SECURITY] [DLA 2504-1] mediawiki security update
mailing-list
x_refsource_MLIST
FEDORA-2020-0be2d40e13
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now