exploitDog

CVE-2021-41798

Published: 30 Sep 2021
Source: redhat
CVSS3: 6.1

Description

MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page.

A cross-site scripting (XSS) vulnerability was found in mediawiki. Due to insufficient sanitization of user-supplied data in the Special:Search function, a remote attacker can permanently inject and execute arbitrary HTML and script code in a user's browser in the context of the vulnerable website.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.11 | mediawiki | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=2009507 mediawiki: Cross-site scripting (XSS) in Special:Search

CVSS3: 6.1 Medium

Related vulnerabilities

CVSS3: 6.1
ubuntu
more than 4 years ago

MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page.

CVSS3: 6.1
nvd
more than 4 years ago

MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page.

CVSS3: 6.1
debian
more than 4 years ago

MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages a ...

CVSS3: 6.1
github
more than 3 years ago

MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page.
