Security Advisory

CVE-2020-35474

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-12-18 07:30:48

Last updated 2024-08-04 17:02:08

Assigner mitre

State PUBLISHED

Description

In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML.

← Browse all CVEs View on cve.org ↗