CVE-2020-35479 in MediaWikiinfo

Summary

by MITRE • 12/18/2020

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!