CVE-2021-45473

Опубликовано: 30 нояб. 2021

Источник: redhat

CVSS3: 6.1

EPSS Низкий

Описание

In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar).

A flaw was found in mediawiki through version 1.37. Wikibase item descriptions allow cross-site scripting attacks (XSS), which is triggered upon a visit to an action=info URL (aka a page-information sidebar).

Отчет

The mediawiki package was removed from OpenShift Container Platform (OCP) in version 4.3, therefore for OCP 4 has been marked as out of support scope.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat OpenShift Container Platform 4	mediawiki	Out of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-79

https://bugzilla.redhat.com/show_bug.cgi?id=2036087mediawiki: XSS on page information Wikibase central description

EPSS

Процентиль: 55%

0.00326

Низкий

6.1 Medium

CVSS3

Связанные уязвимости

CVE-2021-45473

CVSS3: 6.1

ubuntu

около 4 лет назад

In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar).

CVE-2021-45473

CVSS3: 6.1

nvd

около 4 лет назад

In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar).

GHSA-78f2-h8g8-qj93

github

около 4 лет назад

In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar).

EPSS

Процентиль: 55%

0.00326

Низкий

6.1 Medium

CVSS3