Lucene search

MitreCVELIST:CVE-2021-46150

HistoryJan 07, 2022 - 5:53 a.m.

CVE-2021-46150

2022-01-0705:53:30

mitre

www.cve.org

xss

mediawiki

checkuserlog

cve-2021-46150

date mishandling

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

21.4%

JSON

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Special:CheckUserLog allows CheckUser XSS because of date mishandling, as demonstrated by an XSS payload in MediaWiki:October.

References

gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/CheckUser/+/79c2c49a18f96b159258958feca90fce964c350a

phabricator.wikimedia.org/T292795