CVE-2020-35478
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink(). This affects MediaWiki 1.33.0 and later.
MEDIUM · CVSS 6.1
EPSS 0.00446
Schedule remediation
- Public exploit or PoC is available
Sigma rules0
YARA rules0