
CVE-2020-35475

Published: 18/12/2020 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

In MediaWiki prior to 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is escaped correctly.)

Vulnerable Product

mediawiki mediawiki

debian debian linux 10.0

fedoraproject fedora 33

Vendor Advisories

Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting or the disclosure of hidden users. For the stable distribution (buster), these problems have been fixed in version 1:13112-1~deb10u1. We recommend that you upgrade your mediawiki packages. For the detailed sec ...
In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is ...