vulnerability
MediaWiki: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2021-31551)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Apr 22, 2021 | Apr 26, 2021 | Apr 26, 2021 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Apr 22, 2021
Added
Apr 26, 2021
Modified
Apr 26, 2021
Description
An issue was discovered in the PageForms extension for MediaWiki through 1.35.2. Crafted payloads for Token-related query parameters allowed for XSS on certain PageForms-managed MediaWiki pages.
Solution
mediawiki-upgrade-latest
References
- CVE-2021-31551
- https://attackerkb.com/topics/CVE-2021-31551
- URL-https://gerrit.wikimedia.org/r/q/I20b63bd38779d2ccbe2d86f9879df85ca3b685f6
- URL-https://gerrit.wikimedia.org/r/q/I5e0abbc2f80e6bda255b3b32a4df39a7fe7d3793
- URL-https://gerrit.wikimedia.org/r/q/Ibe68b070ee791cd0c8e7f50eb04ac4e066b1512c
- URL-https://phabricator.wikimedia.org/T259433
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.