WEB APPLICATION VULNERABILITIES Standard & Premium

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-42047)

Description

An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger an XSS payload (such as alert) via Growthexperiments-mentor-dashboard-mentee-overview-no-js-fallback.

Remediation

References

Related Vulnerabilities

WordPress Plugin Grid Gallery-Photo Image Grid Gallery Cross-Site Scripting (1.2.4)

WordPress Plugin Image Export Arbitrary File Download (1.1.0)

e107 Other Vulnerability (CVE-2005-2805)

Drupal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-13671)

WordPress Plugin iThemes Security (formerly Better WP Security) Cross-Site Scripting (4.6.12)

Severity

Medium

Classification

CVE-2021-42047 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities