vulnerability

MediaWiki: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2021-42041)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Oct 6, 2021	Nov 26, 2021	Nov 26, 2021

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Oct 6, 2021

Added

Nov 26, 2021

Modified

Nov 26, 2021

Description

An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the setchange log.

Solution

mediawiki-upgrade-latest

References

CVE-2021-42041
https://attackerkb.com/topics/CVE-2021-42041
URL-https://gerrit.wikimedia.org/r/q/I7aeaa6e4de5ccaa5eeb6bf4fb00c96b01d5fea35
URL-https://phabricator.wikimedia.org/T291696

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today