First published: Mon Dec 21 2020(Updated: )
An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1. SpecialGlobalUsage.php calls WikiMap::makeForeignLink unsafely. The $page variable within the formatItem function was not being properly escaped, allowing for XSS under certain conditions.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
MediaWiki MediaWiki | <=1.35.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-35622 is an issue discovered in the GlobalUsage extension for MediaWiki through version 1.35.1 that allows for XSS under certain conditions.
The severity of CVE-2020-35622 is medium with a score of 6.1.
CVE-2020-35622 affects Mediawiki versions up to and including 1.35.1.
To fix CVE-2020-35622, update the GlobalUsage extension for Mediawiki to a version beyond 1.35.1.
CWE-79 refers to Cross-Site Scripting (XSS), which is the vulnerability exploited by CVE-2020-35622.