CVE-2021-36130

Published: Jul 2, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and JavaScript within various gift-related data fields. The attack could easily propagate across many pages for many users.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://phabricator.wikimedia.org/T281043

x_refsource_MISC

https://gerrit.wikimedia.org/r/q/Id915eba45497a1a0dc1c4e00818a2fd4c0ce55d3

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-36130

Description

Affected Products

References