Description

An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the setchange log.

Remediation

References

CVE-2021-42041

Related Vulnerabilities

Ampache Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-51489)

WordPress Plugin Translate WordPress-Google Language Translator Cross-Site Scripting (6.0.11)

Lighttpd Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2015-3200)

SharePoint CVE-2021-24071 Vulnerability (CVE-2021-24071)

SharePoint CVE-2020-1503 Vulnerability (CVE-2020-1503)

Severity

Medium

Classification

CVE-2021-42041 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities