CVE-2021-42048: XSS
First published: Thu Sep 29 2022(Updated: )
An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MediaWiki MediaWiki | <=1.36.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-42048.
What is the severity of CVE-2021-42048?
The severity of CVE-2021-42048 is medium with a CVSS score of 4.8.
What is the affected software of CVE-2021-42048?
The affected software of CVE-2021-42048 is MediaWiki version up to and including 1.36.2.
How can the vulnerability CVE-2021-42048 be exploited?
Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits.
Are there any references for CVE-2021-42048?
Yes, you can find references for CVE-2021-42048 at the following links: [Link 1](https://gerrit.wikimedia.org/r/q/Iaa90a8976834d70caad592e9d1b18510318db537), [Link 2](https://phabricator.wikimedia.org/T289064).
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/weakness
- agent/description
- agent/tags
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mediawiki
- canonical/mediawiki mediawiki
- version/mediawiki mediawiki/1.36.2