7 matches found
The vulnerability of the “userrights-expiry-current” and “userrights-expiry-none” messages in the MediaWiki software environment, related to a lack of mechanisms for encoding or shielding output data, allows attackers to gain access to confidential information.
The vulnerability of the “userrights-expiry-current” and “userrights-expiry-none” messages in the MediaWiki software, which is used to implement the hypertext environment, is related to the lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability could allow a...
MediaWiki < 1.31.11, 1.32 < 1.35.1 Multiple Vulnerabilities - Windows
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...
CVE-2020-35475
In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. The right colum...
Design/Logic Flaw
In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. The right colum...
CVE-2020-35475
In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. The right colum...
CVE-2020-35475
CVE-2020-35475 affects MediaWiki before 1.35.1. The vulnerability arises when certain messages, specifically userrights-expiry-current and userrights-expiry-none, contain raw HTML, allowing cross-site scripting (XSS) if a user visits Special:UserRights and cannot change all userrights; the left-h...
CVE-2020-35475
In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. The right colum...