Description

An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the setchange log.

Remediation

References

CVE-2021-42041

Related Vulnerabilities

Django Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-33203)

Jetty Improper Neutralization of Quoting Syntax Vulnerability (CVE-2023-36479)

PHP Improper Input Validation Vulnerability (CVE-2016-10712)

WordPress Plugin LearnPress-WordPress LMS Cross-Site Scripting (4.1.6.5)

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.15)

Severity

Medium

Classification

CVE-2021-42041 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities