Description

The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (due to the job queue backlog)

Remediation

References

CVE-2021-41801

Related Vulnerabilities

WordPress Plugin About Author Cross-Site Scripting (1.3.9)

Coppermine Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4693)

MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3759)

WordPress Plugin HTML5 Video Player-Best WordPress Video Player and Block SQL Injection (2.5.24)

WordPress Plugin Knews Multilingual Newsletters Cross-Site Request Forgery (1.2.5)

Severity

High

Classification

CVE-2021-41801 CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities