Description

An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger an XSS payload (such as alert) via Growthexperiments-mentor-dashboard-mentee-overview-no-js-fallback.

Remediation

References

CVE-2021-42047

Related Vulnerabilities

Jboss EAP Improper Input Validation Vulnerability (CVE-2010-3708)

WordPress Plugin Chamber Dashboard Member Manager Cross-Site Scripting (2.0.5)

MySQL CVE-2024-21125 Vulnerability (CVE-2024-21125)

PostgreSQL Out-of-bounds Write Vulnerability (CVE-2019-10164)

Liferay Portal CVE-2020-13444 Vulnerability (CVE-2020-13444)

Severity

Medium

Classification

CVE-2021-42047 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities