CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1CVE-2021-41798
https://notcve.org/view.php?id=CVE-2021-41798
MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page. MediaWiki versiones anteriores a 1.36.2, permite una vulnerabilidad de tipo XSS. Los mensajes de MediaWiki relacionados con el mes no se escapan antes de ser usados en la página de resultados Special:Search • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX https://phabricator.wikimedia.org/T285515 https://security.gentoo.org/glsa/202305-24 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-41799
https://notcve.org/view.php?id=CVE-2021-41799
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). ApiQueryBacklinks (action=query&list=backlinks) can cause a full table scan. MediaWiki versiones anteriores a 1.36.2, permite una denegación de servicio (consumo de recursos debido a un largo tiempo de procesamiento de la consulta). ApiQueryBacklinks (action=query&list=backlinks) puede causar un escaneo completo de la tabla • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5 https://phabricator.wikimedia.org/T290394 https://security.gentoo.org&#x • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-41800
https://notcve.org/view.php?id=CVE-2021-41800
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled. MediaWiki versiones anteriores a 1.36.2, permite una denegación de servicio (consumo de recursos debido a un largo tiempo de procesamiento de consultas). Visitando Special:Contributions puede resultar a veces en una consulta SQL de larga duración porque la protección de PoolCounter está manejada inapropiadamente • https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5& • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42045
https://notcve.org/view.php?id=CVE-2021-42045
An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote. Se ha detectado un problema en SecurePoll en la extensión Growth en MediaWiki versiones hasta 1.36.2. Las encuestas simples permiten a los usuarios crear alertas cambiando su encabezado HTTP User-Agent y enviando un voto • https://gerrit.wikimedia.org/r/q/I4f04083cd00884d3b85245460774c81c7639a578 https://phabricator.wikimedia.org/T289385 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42046
https://notcve.org/view.php?id=CVE-2021-42046
An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped and allowed for users to inject HTML and JavaScript. Se ha detectado un problema en la extensión GlobalWatchlist de MediaWiki versiones hasta 1.36.2. Los mensajes rev-deleted-user y ntimes no son escapados apropiadamente y permitían a usuarios inyectar HTML y JavaScript • https://gerrit.wikimedia.org/r/q/Ib7f9b009730fe0df283cec1169f84c7a83a58b1d https://gerrit.wikimedia.org/r/q/Id2204fb5afe591d63764466de35ac0aaa5999983 https://phabricator.wikimedia.org/T286385 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •