Lucene search
K

30 matches found

NVD
NVD
added 2020/12/18 8:15 a.m.16 views

CVE-2020-35478

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink. This affects MediaWiki 1.33.0 and later...

6.1CVSS5.9AI score0.01353EPSS
Exploits1References3
OSV
OSV
added 2020/12/18 8:15 a.m.1 views

DEBIAN-CVE-2020-35478

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink. This affects MediaWiki 1.33.0 and later...

6.1CVSS6.3AI score0.01353EPSS
Exploits1References1
OSV
OSV
added 2020/12/18 8:15 a.m.1 views

UBUNTU-CVE-2020-35479

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later...

6.1CVSS6.8AI score0.01476EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2020/12/18 8:15 a.m.27 views

CVE-2020-35479

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later...

6.1CVSS6.7AI score0.01476EPSS
Exploits1References4
OSV
OSV
added 2020/12/18 8:15 a.m.1 views

UBUNTU-CVE-2020-35478

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink. This affects MediaWiki 1.33.0 and later...

6.1CVSS7.1AI score0.01353EPSS
Exploits1References5
Cvelist
Cvelist
added 2020/12/18 7:42 a.m.28 views

CVE-2020-35479

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later...

6.4AI score0.01476EPSS
Exploits1References5
Cvelist
Cvelist
added 2020/12/18 7:33 a.m.30 views

CVE-2020-35478

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink. This affects MediaWiki 1.33.0 and later...

6AI score0.01353EPSS
Exploits1References3
CNNVD
CNNVD
added 2020/12/18 12:0 a.m.5 views

MediaWiki 跨站脚本漏洞

MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki versions prior to 1.35.1 that...

6.1CVSS6.7AI score0.01476EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2020/12/18 12:0 a.m.1 views

PT-2020-17338 · Wikimedia +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.33.0 through 1.35.1 Description: The issue allows for XSS via BlockLogFormatter.php, where MediaWiki:blanknamespace can potentially be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink. Recommendations: F...

7.5CVSS5.5AI score0.01573EPSS
Exploits5References35
Positive Technologies
Positive Technologies
added 2020/11/29 12:0 a.m.2 views

PT-2020-5805 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.12.0 through 1.35.0 Description: The issue is related to insufficient protection measures in the BlockLogFormatter.php component of MediaWiki, allowing a remote attacker to compromise data integrity. The problem lies in t...

7.5CVSS5.3AI score0.01573EPSS
Exploits5References54
Rows per page
Query Builder