vulnerability

MediaWiki: CVE-2021-46146: Improper Neutralization of Input During Web Page Generation

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:S/C:N/I:P/A:N)

Published

Jan 10, 2022

Added

Jan 17, 2022

Modified

May 6, 2026

Description

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The WikibaseMediaInfo component is vulnerable to XSS via the caption fields for a given media file.

Solution

mediawiki-upgrade-latest

References

CVE-2021-46146
https://attackerkb.com/topics/CVE-2021-46146
https://gerrit.wikimedia.org/r/q/I58d37fb59f998f5bec4a018bf9da96a777f8ff78
https://phabricator.wikimedia.org/T293556
https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-32846
CWE-79
EUVD-EUVD-2021-32846

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report