An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML. References: https://gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592 https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
Created mediawiki tracking bugs for this issue: Affects: fedora-all [bug 1903769]
Upstream commit: https://github.com/wikimedia/mediawiki/commit/358c1ec070d4f989e049550d88b629ab166c6f15
External References: https://phabricator.wikimedia.org/T255918
Statement: OpenShift Container Platform (OCP) delivers the mediawiki package, but the vulnerable code is not bundled, therefore OCP is not affected by this flaw.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-25812