Description

An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the setchange log.

Remediation

References

CVE-2021-42041

Related Vulnerabilities

XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-29514)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Unspecified Vulnerability (2.9.24)

WordPress Plugin Nextend Facebook Connect Cross-Site Scripting (1.5.0)

WordPress Plugin Relevanssi Premium-A Better Search Multiple Vulnerabilities (1.14.4)

PHP Integer Overflow or Wraparound Vulnerability (CVE-2016-10159)

Severity

Medium

Classification

CVE-2021-42041 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities