First published: Wed Oct 06 2021
An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped, allowing users to inject HTML and JavaScript.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
MediaWiki MediaWiki | <=1.36.2 | |
The severity of CVE-2021-42046 is medium (6.1).
The GlobalWatchlist extension in MediaWiki through version 1.36.2 is affected by CVE-2021-42046.
The vulnerability type of CVE-2021-42046 is CWE-79 (Cross-site Scripting).
An attacker can exploit CVE-2021-42046 by injecting HTML and JavaScript using the rev-deleted-user and ntimes messages in the GlobalWatchlist extension.
Yes, fixes for CVE-2021-42046 are available. Please refer to the provided references for more information.
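The unescaped-message flaw described above, as an added example that is not the GlobalWatchlist extension's code: a minimal message renderer showing the vulnerable string-concatenation pattern beside the escaped one. The message store and its texts, the `gw-msg` class and all function names are assumptions made for illustration.

```javascript
// Added illustration, not the GlobalWatchlist extension's code.
// Constructed message store: the keys are the two named in the advisory, the
// texts are constructed; the second simulates a message text carrying markup.
const messages = {
  'ntimes': '$1×',
  'rev-deleted-user': '(username removed)<img src=x onerror="/* constructed */">'
};

const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Plain-text message lookup with $1, $2, ... substitution and no escaping.
function msgText(key, ...params) {
  const known = Object.prototype.hasOwnProperty.call(messages, key);
  const text = known ? messages[key] : '(' + key + ')';
  return text.replace(/\$(\d+)/g, (match, n) => {
    const i = Number(n) - 1;
    return i >= 0 && i < params.length ? String(params[i]) : match;
  });
}

// Vulnerable pattern: plain message text concatenated into an HTML string.
function renderUnsafe(key, ...params) {
  return '<span class="gw-msg">' + msgText(key, ...params) + '</span>';
}

// Hardened pattern: escape the substituted text where it enters HTML.
// (MediaWiki's client-side counterpart is mw.message( key ).escaped()
// rather than .text() when the result is used as HTML.)
function renderSafe(key, ...params) {
  return '<span class="gw-msg">' + escapeHtml(msgText(key, ...params)) + '</span>';
}

console.log(renderUnsafe('rev-deleted-user')); // markup survives as a live element
console.log(renderSafe('rev-deleted-user'));   // markup is rendered as inert text
console.log(renderSafe('ntimes', '<b>3</b>')); // parameters are escaped as well
```

Escaping is applied after parameter substitution, so markup in either the message text or a parameter is neutralised by the same call.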