Lucene search
K

7 matches found

BDU FSTEC
BDU FSTEC
added 2021/03/30 12:0 a.m.6 views

The vulnerability of the “userrights-expiry-current” and “userrights-expiry-none” messages in the MediaWiki software environment, related to a lack of mechanisms for encoding or shielding output data, allows attackers to gain access to confidential information.

The vulnerability of the “userrights-expiry-current” and “userrights-expiry-none” messages in the MediaWiki software, which is used to implement the hypertext environment, is related to the lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability could allow a...

7.5CVSS7.1AI score0.01573EPSS
Exploits0References7Affected Software4
OpenVAS
OpenVAS
added 2020/12/22 12:0 a.m.24 views

MediaWiki < 1.31.11, 1.32 < 1.35.1 Multiple Vulnerabilities - Windows

MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...

7.5CVSS6.1AI score0.01573EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2020/12/18 5:9 p.m.30 views

CVE-2020-35475

In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. The right colum...

7.5CVSS0.8AI score0.01573EPSS
Exploits0References3
Prion
Prion
added 2020/12/18 8:15 a.m.20 views

Design/Logic Flaw

In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. The right colum...

5CVSS7.1AI score0.01573EPSS
Exploits0References4Affected Software3
Debian CVE
Debian CVE
added 2020/12/18 7:32 a.m.23 views

CVE-2020-35475

In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. The right colum...

7.5CVSS7.2AI score0.01573EPSS
Exploits0
CVE
CVE
added 2020/12/18 7:32 a.m.90 views

CVE-2020-35475

CVE-2020-35475 affects MediaWiki before 1.35.1. The vulnerability arises when certain messages, specifically userrights-expiry-current and userrights-expiry-none, contain raw HTML, allowing cross-site scripting (XSS) if a user visits Special:UserRights and cannot change all userrights; the left-h...

7.5CVSS7AI score0.01573EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2020/12/18 7:32 a.m.30 views

CVE-2020-35475

In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. The right colum...

7.1AI score0.01573EPSS
Exploits0References4
Rows per page
Query Builder