| CVE-2020-35480 |
Low |
Yes |
Information disclosure |
An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden... |
| CVE-2020-35479 |
Medium |
Yes |
Cross-site scripting |
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the... |
| CVE-2020-35478 |
Medium |
Yes |
Cross-site scripting |
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via... |
| CVE-2020-35477 |
Low |
Yes |
Information disclosure |
MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page,... |
| CVE-2020-35475 |
Medium |
Yes |
Cross-site scripting |
In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits... |
| CVE-2020-35474 |
Low |
Yes |
Cross-site scripting |
In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of... |