Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41798)

Description

MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page.

Remediation

References

Related Vulnerabilities

Drupal CVE-2020-13665 Vulnerability (CVE-2020-13665)

osTicket Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-15580)

WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors SQL Injection (2.0.2)

WebLogic CVE-2022-21258 Vulnerability (CVE-2022-21258)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-0213)

Severity

Medium

Classification

CVE-2021-41798 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities