16 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-35479
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return o...
Mageia: Security Advisory (MGASA-2021-0086)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated mediawiki packages fix security vulnerability
In MediaWiki before 1.31.11, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. The right colu...
Security fix for the ALT Linux 9 package mediawiki version 1.35.1-alt1
1.35.1-alt1 built Dec. 30, 2020 Vitaly Lipatov in task 263837 Dec. 23, 2020 Vitaly Lipatov - new version 1.35.1 with rpmrb script - T268894, CVE-2020-35474, T268917, CVE-2020-35475 - T268938, CVE-2020-35478, CVE-2020-35479 - T205908, CVE-2020-35477, T120883, CVE-2020-35480...
Fedora 33 : mediawiki (2020-0be2d40e13)
https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December /000268.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible witho...
[SECURITY] [DLA 2504-1] mediawiki security update
Debian LTS Advisory DLA-2504-1 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez December 22, 2020 https://wiki.debian.org/LTS Package : mediawiki Version : 1:1.27.7-1deb9u7 CVE ID : CVE-2020-15005 CVE-2020-35477 CVE-2020-35479 CVE-2020-35480 Multiple security...
Debian DLA-2504-1 : mediawiki security update
Multiple security issues were discovered in MediaWiki, a website engine for collaborative work. CVE-2020-15005 Private wikis behind a caching server using the imgauth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them...
Debian: Security Advisory (DLA-2504-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MediaWiki < 1.31.11, 1.32 < 1.35.1 Multiple Vulnerabilities - Linux
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...
MediaWiki < 1.31.11, 1.32 < 1.35.1 Multiple Vulnerabilities - Windows
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...
Debian DSA-4816-1 : mediawiki - security update
Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting or the disclosure of hidden users. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...
CVE-2020-35479
creationtimestamp| type| source ---|---|--- 2020-12-18 12:47:04+00:00| seen| https://t.me/cibsecurity/21066...
[SECURITY] [DSA 4816-1] mediawiki security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4816-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 18, 2020 https://www.debian.org/security/faq -...
DEBIAN-CVE-2020-35479
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later...
CVE-2020-35479
CVE-2020-35479 affects MediaWiki prior to 1.35.1. The vulnerability is due to XSS through BlockLogFormatter.php, caused by Language::translateBlockExpiry not escaping in all code paths (e.g., Language::userTimeAndDate returns HTML-unsafe month values). Affected versions include MediaWiki 1.12.0 a...
CVE-2020-35479
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later...