vulnerability
MediaWiki: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2021-41798)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Oct 11, 2021 | Nov 26, 2021 | Nov 8, 2023 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Oct 11, 2021
Added
Nov 26, 2021
Modified
Nov 8, 2023
Description
MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page.
Solution
mediawiki-upgrade-1_36_2
References
- CVE-2021-41798
- https://attackerkb.com/topics/CVE-2021-41798
- URL-https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/
- URL-https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/
- URL-https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/
- URL-https://phabricator.wikimedia.org/T285515
- URL-https://security.gentoo.org/glsa/202305-24
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.