CVE-2020-35622

Sažetak

An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1. SpecialGlobalUsage.php calls WikiMap::makeForeignLink unsafely. The $page variable within the formatItem function was not being properly escaped, allowing for XSS under certain conditions.

Reference

https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GlobalUsage/+/646744
https://phabricator.wikimedia.org/T268341

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

22-12-2020 - 04:33

Objavljeno

21-12-2020 - 23:15