CVE-2020-35474 log

Source
Severity Low
Remote Yes
Type Cross-site scripting
Description
In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML.
Group Package Affected Fixed Severity Status Ticket
AVG-1371 mediawiki 1.35.0-1 1.35.1-1 Medium Fixed FS#69132
Date Advisory Group Package Severity Type
12 Jan 2021 ASA-202101-22 AVG-1371 mediawiki Medium multiple issues
References
https://phabricator.wikimedia.org/T268894
https://github.com/wikimedia/mediawiki/commit/a8b1d863bccc6b326329d0593f8126c351c6e1be
Notes
Workaround
==========

The problematic message was added with 1.35 and is behind a feature flag ($wgWatchlistExpiry) which is not enabled by default. Disabling this feature flag mitigates the issue.