Published: 06/04/2021 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 384

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

An issue exists in MediaWiki prior to 1.31.12 and 1.32.x up to and including 1.35.x prior to 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mediawiki mediawiki
debian debian linux 10.0
fedoraproject fedora 33
fedoraproject fedora 34

Multiple security issues were found in MediaWiki, a website engine for collaborative work, which could result in incomplete page/blocking protection, denial of service or cross-site scripting For the stable distribution (buster), these problems have been fixed in version 1:13114-1~deb10u1 We recommend that you upgrade your mediawiki packages F ...

An issue was discovered in MediaWiki before 13112 and 132x through 135x before 1352 On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to cross-site scripting (XSS) ...

CWE-79 https://phabricator.wikimedia.org/T278058 https://www.debian.org/security/2021/dsa-4889 https://security.gentoo.org/glsa/202107-40 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/https://nvd.nist.gov https://www.debian.org/security/2021/dsa-4889

CVE-2021-30157

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect