Security Advisory

CVE-2020-35478

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-12-18 07:33:43

Last updated 2024-08-04 17:02:08

Assigner mitre

State PUBLISHED

Description

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink(). This affects MediaWiki 1.33.0 and later.

← Browse all CVEs View on cve.org ↗