Description

An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger an XSS payload (such as alert) via Growthexperiments-mentor-dashboard-mentee-overview-no-js-fallback.

Remediation

References

CVE-2021-42047

Related Vulnerabilities

WordPress Plugin Google Adsense and Hotel Booking Open Proxy (1.0.5)

WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner Security Bypass (4.2.12)

Opencart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-21518)

WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.20)

WordPress Plugin SW Ajax WooCommerce Search Cross-Site Scripting (1.2.6)

Severity

Medium

Classification

CVE-2021-42047 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities