Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-35475

Опубликовано: 18 дек. 2020
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is escaped correctly.)

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenShift Container Platform 3.11mediawikiWill not fix
Red Hat OpenShift Container Platform 4mediawikiOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1909224mediawiki: messages userrights-expiry-current and userrights-expiry-none can contain raw html

EPSS

Процентиль: 69%
0.00592
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-35475

CVSS3: 7.5
ubuntu
около 5 лет назад

In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is escaped correctly.)

nvd логотип

CVE-2020-35475

CVSS3: 7.5
nvd
около 5 лет назад

In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is escaped correctly.)

debian логотип

CVE-2020-35475

CVSS3: 7.5
debian
около 5 лет назад

In MediaWiki before 1.35.1, the messages userrights-expiry-current and ...

github логотип

GHSA-qv45-6hw7-469f

CVSS3: 7.5
github
больше 3 лет назад

In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is escaped correctly.)

fstec логотип

BDU:2021-01772

CVSS3: 7.5
fstec
около 5 лет назад

Уязвимость сообщений userrights-expiry-current и userrights-expiry-none программного средства для реализации гипертекстовой среды MediaWiki, связанная с недостатком механизма кодирования или экранирования выходных данных, позволяющая нарушителю получить доступ к конфиденциальным данным

EPSS

Процентиль: 69%
0.00592
Низкий

7.5 High

CVSS3