CVE-2020-35477
MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox (or a tags checkbox) next to it, there is a redirection to the main page's action=historysubmit (instead of the desired behavior in which a revision-deletion form appears).
We have discovered 7,918 live websites that are affected by CVE-2020-35477.
Details
- Published - Dec 18, 2020
- Updated - Aug 4, 2024
CVE References
CVE-2020-35477 usage by Country
 United States | 2,908 websites |
 Germany | 1,558 websites |
 France | 583 websites |
 Russia | 521 websites |
 Netherlands | 216 websites |
 Singapore | 194 websites |
 GB | 176 websites |
 Switzerland | 115 websites |
 Canada | 108 websites |
CVE-2020-35477 usage by TLD
| .com | 1,915 websites |
| .org | 1,711 websites |
| .de | 727 websites |
| .net | 649 websites |
| .ru | 420 websites |
| .info | 207 websites |
| .fr | 148 websites |
| .eu | 129 websites |
| .nl | 125 websites |
| .edu | 84 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2020-35477
Top websites that are affected by CVE-2020-35477. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******.com | United States | *,*** | |
| ****.********.org | United States | *,*** | |
| *******.com | United States | *,*** | |
| ****.***************.org | United States | **,*** | |
| **.************.com | United States | **,*** | |
| ****.*******.org | Canada | **,*** | |
| ****.*********.org | United States | **,*** | |
| ****.********.org | Germany | **,*** | |
| ******.org | United States | **,*** | |
| ******************.org | Germany | **,*** |
FAQ
A total of 7,918 websites have been identified as vulnerable to CVE-2020-35477, discovered through global website indexing conducted by WebTechSurvey.
MediaWiki is susceptible to CVE-2020-35477 vulnerability.
MediaWiki versions before 1.35.1 are vulnerable to CVE-2020-35477.
Version 1.35.1 of MediaWiki addresses the CVE-2020-35477 security vulnerability.
References
- https://phabricator.wikimedia.org/T205908
- https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html
- https://www.debian.org/security/2020/dsa-4816
- https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/