EPSS
Percentile
47.8%
MediaWik is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary Javascript in a user’s browser via MediaWiki:blanknamespace in BlockLogFormatter.php.
MediaWiki:blanknamespace
BlockLogFormatter.php
lists.fedoraproject.org/archives/list/[email protected]/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/
lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html
phabricator.wikimedia.org/T268938
security-tracker.debian.org/tracker/CVE-2020-35478