WEB APPLICATION VULNERABILITIES Standard & Premium

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41798)

Description

MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page.

Remediation

References

Related Vulnerabilities

MySQL CVE-2017-3243 Vulnerability (CVE-2017-3243)

Zenphoto Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-0993)

WordPress Other Vulnerability (CVE-2016-2221)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-0324)

Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2009-3094)

Severity

Medium

Classification

CVE-2021-41798 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities