PT-2018-3640 · Wikimedia+1 · Mediawiki+1

Az1568 · Published 2018-10-01 · Updated 2024-03-06 · CVE-2020-35477

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

MediaWiki versions prior to 1.35.1

Description

The issue stems from missing input validation in MediaWiki, which a remote attacker can exploit to impact data integrity. Specifically, when MediaWiki:Mainpage is set to Special:MyLanguage/Main Page, visiting a log entry on Special:Log and toggling the "Change visibility of selected log entries" checkbox (or a tags checkbox) next to it redirects to the main page's action=historysubmit instead of displaying the expected revision-deletion form.

Recommendations

For MediaWiki versions prior to 1.35.1, update to version 1.35.1 or later to resolve the issue. As a temporary workaround, consider avoiding the "Change visibility of selected log entries" checkbox (or tags checkbox) on Special:Log pages until the update is applied.

Weakness Enumeration

Related Identifiers

ALT-PU-2020-3554
ALT-PU-2020-3568
BDU:2021-01771
BIT-MEDIAWIKI-2020-35477
CVE-2020-35477
DLA-2504-1
DSA-4816-1
MGASA-2021-0086

Affected Products

Alt Linux
Mediawiki