CVE-2020-35474 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	Yes
Type	Cross-site scripting
Description	In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1371	mediawiki	1.35.0-1	1.35.1-1	Medium	Fixed	FS#69132

Date	Advisory	Group	Package	Severity	Type
12 Jan 2021	ASA-202101-22	AVG-1371	mediawiki	Medium	multiple issues

References
https://phabricator.wikimedia.org/T268894 https://github.com/wikimedia/mediawiki/commit/a8b1d863bccc6b326329d0593f8126c351c6e1be

Notes
Workaround ========== The problematic message was added with 1.35 and is behind a feature flag ($wgWatchlistExpiry) which is not enabled by default. Disabling this feature flag mitigates the issue.