Lucene search

PRIOn knowledge basePRION:CVE-2021-30157

HistoryApr 06, 2021 - 7:15 a.m.

Cross site scripting

2021-04-0607:15:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.1%

JSON

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS.

CPENameOperatorVersion
debian_linuxeq10.0
fedoraeq33
fedoraeq34
mediawikige1.32.0
mediawikilt1.35.2
mediawikilt1.31.12

Name	Operator	Version
debian_linux	eq	10.0
fedora	eq	33
fedora	eq	34
mediawiki	ge	1.32.0
mediawiki	lt	1.35.2
mediawiki	lt	1.31.12

References

lists.fedoraproject.org/archives/list/[email protected]/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/

lists.fedoraproject.org/archives/list/[email protected]/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/

phabricator.wikimedia.org/T278058

security.gentoo.org/glsa/202107-40

www.debian.org/security/2021/dsa-4889