vulnerability

MediaWiki: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2021-42046)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:N/C:P/I:P/A:N)	Sep 29, 2022	Oct 3, 2022	Jan 28, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

Sep 29, 2022

Added

Oct 3, 2022

Modified

Jan 28, 2025

Description

An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped and allowed for users to inject HTML and JavaScript.

Solution

mediawiki-upgrade-latest

References

CVE-2021-42046
https://attackerkb.com/topics/CVE-2021-42046
URL-https://gerrit.wikimedia.org/r/q/Ib7f9b009730fe0df283cec1169f84c7a83a58b1d
URL-https://gerrit.wikimedia.org/r/q/Id2204fb5afe591d63764466de35ac0aaa5999983
URL-https://phabricator.wikimedia.org/T286385

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today