PT-2020-17369 · Wikimedia+2 · Mediawiki+2

Daimona · Published 2020-12-21 · Updated 2024-03-06 · CVE-2020-35622

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions
MediaWiki versions through 1.35.1
GlobalUsage extension for MediaWiki versions through 1.35.1

Description
An issue was discovered in the GlobalUsage extension for MediaWiki. The SpecialGlobalUsage.php file calls WikiMap::makeForeignLink unsafely. The $page variable within the formatItem function was not being properly escaped, allowing for XSS under certain conditions.

Recommendations
For MediaWiki versions through 1.35.1, update to a version that properly escapes the $page variable within the formatItem function to prevent XSS. For the GlobalUsage extension, ensure that the WikiMap::makeForeignLink function is called safely and the $page variable is properly escaped to mitigate the risk of exploitation.
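
The escaping gap described above, shown as an added PHP illustration (not MediaWiki or GlobalUsage source code). `makeLinkStub` and `foreignUrlStub` are hypothetical stand-ins, assumed to insert the link text as raw HTML, and the sample title and host are constructed.

```php
<?php
// Added illustration, not MediaWiki or GlobalUsage source code.

// Hypothetical stand-in for a link helper that inserts $html as-is (assumption).
function makeLinkStub(string $url, string $html): string {
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">' . $html . '</a>';
}

// Hypothetical URL builder; the example.org host is a placeholder.
function foreignUrlStub(string $wiki, string $title): string {
    return 'https://' . rawurlencode($wiki) . '.example.org/wiki/' . rawurlencode($title);
}

// "Before" pattern: the page title reaches the link body unescaped.
function formatItemUnescaped(array $item): string {
    $page = str_replace('_', ' ', $item['title']);
    return makeLinkStub(foreignUrlStub($item['wiki'], $item['title']), $page);
}

// "After" pattern: the title is HTML-escaped at the point of output.
function formatItemEscaped(array $item): string {
    $page = str_replace('_', ' ', $item['title']);
    $text = htmlspecialchars($page, ENT_QUOTES, 'UTF-8');
    return makeLinkStub(foreignUrlStub($item['wiki'], $item['title']), $text);
}

// Regression check: the link body must contain no tags and must decode
// back to exactly the display title.
function linkBodyIsInert(string $html, string $expectedText): bool {
    if (!preg_match('~^<a href="[^"]*">(.*)</a>$~s', $html, $m)) {
        return false;
    }
    return strip_tags($m[1]) === $m[1]
        && htmlspecialchars_decode($m[1], ENT_QUOTES) === $expectedText;
}

// Constructed sample row: a title carrying HTML metacharacters.
$item = ['wiki' => 'testwiki', 'title' => 'Sample_<i>page</i>_"&'];
$expected = 'Sample <i>page</i> "&';

echo 'unescaped passes check: ',
    var_export(linkBodyIsInert(formatItemUnescaped($item), $expected), true), "\n";
echo 'escaped passes check:   ',
    var_export(linkBodyIsInert(formatItemEscaped($item), $expected), true), "\n";
```

A check like `linkBodyIsInert` can sit in a unit test for any output path that renders user-controlled titles, so a later refactor that drops the escaping is caught.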

Fix

XSS

Weakness Enumeration

Related Identifiers

ALT-PU-2021-1712
ALT-PU-2021-2091
BIT-MEDIAWIKI-2020-35622
CVE-2020-35622

Affected Products

Alt Linux
Globalusage Extension
Mediawiki