Description

MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox (or a tags checkbox) next to it, there is a redirection to the main page's action=historysubmit (instead of the desired behavior in which a revision-deletion form appears).

Remediation

References

CVE-2020-35477

Related Vulnerabilities

WordPress Plugin Formidable Forms-Contact Form, Survey, Quiz, Calculator & Custom Form Builder Cross-Site Scripting (5.0.06)

Oracle JRE CVE-2020-2803 Vulnerability (CVE-2020-2803)

WordPress Plugin Pricing Table by Supsystic Multiple Vulnerabilities (1.8.7)

WordPress Plugin Simplelife Cross-Site Request Forgery (1.2)

Collabtive Improper Input Validation Vulnerability (CVE-2012-2670)

Severity

Medium

Classification

CVE-2020-35477 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities