Description

An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the setchange log.

Remediation

References

CVE-2021-42041

Related Vulnerabilities

Django Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2022-23833)

MySQL CVE-2020-2770 Vulnerability (CVE-2020-2770)

WordPress Plugin Advanced AJAX Product Filters Security Bypass (1.3.6.1)

Oracle Database Server CVE-2006-0283 Vulnerability (CVE-2006-0283)

Jboss EAP Improper Access Control Vulnerability (CVE-2013-4213)

Severity

Medium

Classification

CVE-2021-42041 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities