CVE-2021-42043

Published: Oct 6, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2. The suggestion text (a parameter to mediasearch-did-you-mean) was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the intitle: search operator within the query.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://phabricator.wikimedia.org/T291600

x_refsource_MISC

https://gerrit.wikimedia.org/r/q/If64eb5842237c92290d07ebc3fe14710d9de3fc2

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-42043

Description

Affected Products

References