Vulnerability Description
In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is escaped correctly.)
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mediawiki | Mediawiki | < 1.35.1 |
| Debian | Debian Linux | 10.0 |
| Fedoraproject | Fedora | 33 |
Related Weaknesses (CWE)
References
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.htMailing ListRelease NotesVendor Advisory
- https://phabricator.wikimedia.org/T268917Issue TrackingThird Party Advisory
- https://www.debian.org/security/2020/dsa-4816Third Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.htMailing ListRelease NotesVendor Advisory
- https://phabricator.wikimedia.org/T268917Issue TrackingThird Party Advisory
- https://www.debian.org/security/2020/dsa-4816Third Party Advisory
FAQ
What is CVE-2020-35475?
CVE-2020-35475 is a vulnerability with a CVSS score of 7.5 (HIGH). In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to cha...
How severe is CVE-2020-35475?
CVE-2020-35475 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-35475?
Check the references section above for vendor advisories and patch information. Affected products include: Mediawiki Mediawiki, Debian Debian Linux, Fedoraproject Fedora.