CVE-2020-35475 — Cross-site Scripting in Mediawiki

CWE-79 — Cross-site Scripting CWE-116 — Improper Encoding or Escaping of Output5 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 30.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediawiki Debian Mediawiki Debian Linux +1 more

Timeline

PublishedDec 18

Latest updateMay 24

Description

In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is escaped correctly.)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/mediawiki< mediawiki 1:1.35.1-1 (bookworm)

▶NVDmediawiki/mediawiki< 1.35.1

▶Debianmediawiki/mediawiki< 1:1.35.1-1+3

Also affects: Debian Linux 10.0, Fedora 33

🔴Vulnerability Details

GHSA

GHSA-qv45-6hw7-469f: In MediaWiki before 1↗2022-05-24

▶

OSV

CVE-2020-35475: In MediaWiki before 1↗2020-12-18

▶

📋Vendor Advisories

Red Hat

mediawiki: messages userrights-expiry-current and userrights-expiry-none can contain raw html↗2020-12-18

▶

Debian

CVE-2020-35475: mediawiki - In MediaWiki before 1.35.1, the messages userrights-expiry-current and userright...↗2020

▶