8 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-35478
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via...
Security fix for the ALT Linux 9 package mediawiki version 1.35.1-alt1
1.35.1-alt1 built Dec. 30, 2020 Vitaly Lipatov in task 263837 Dec. 23, 2020 Vitaly Lipatov - new version 1.35.1 with rpmrb script - T268894, CVE-2020-35474, T268917, CVE-2020-35475 - T268938, CVE-2020-35478, CVE-2020-35479 - T205908, CVE-2020-35477, T120883, CVE-2020-35480...
Fedora 33 : mediawiki (2020-0be2d40e13)
https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December /000268.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible witho...
MediaWiki < 1.31.11, 1.32 < 1.35.1 Multiple Vulnerabilities - Linux
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...
MediaWiki < 1.31.11, 1.32 < 1.35.1 Multiple Vulnerabilities - Windows
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...
CVE-2020-35478
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink. This affects MediaWiki 1.33.0 and later...
CVE-2020-35478
creationtimestamp| type| source ---|---|--- 2020-12-18 12:46:47+00:00| seen| https://t.me/cibsecurity/21052...
CVE-2020-35478
MediaWiki prior to version 1.35.1 is vulnerable to cross-site scripting via BlockLogFormatter.php, with MediaWiki:blanknamespace potentially outputting raw HTML using SCRIPT tags through LogFormatter::makePageLink(). Affected pages include MediaWiki 1.33.0 and later. The issue is documented acros...