Lucene search

K

MitreCVELIST:CVE-2020-35479

HistoryDec 18, 2020 - 7:42 a.m.

CVE-2020-35479

2020-12-1807:42:25

mitre

www.cve.org

1

6.4 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.2%

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later.

References

lists.debian.org/debian-lts-announce/2020/12/msg00034.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/

lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html

phabricator.wikimedia.org/T268938

www.debian.org/security/2020/dsa-4816

6.4 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.2%

Related for CVELIST:CVE-2020-35479

ubuntucve1 osv4 redhatcve1 nvd1 prion1 veracode1 cve1 debiancve1 debian2 nessus3 openvas6 mageia1 fedora1 archlinux1 altlinux1