CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-42041
https://notcve.org/view.php?id=CVE-2021-42041
An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the setchange log. Se ha detectado un problema en CentralAuth en MediaWiki versiones hasta 1.36.2. El mensaje rightsnone de MediaWiki no estaba siendo saneado correctamente y permitía una inyección y ejecución de HTML y JavaScript por medio del registro setchange • https://gerrit.wikimedia.org/r/q/I7aeaa6e4de5ccaa5eeb6bf4fb00c96b01d5fea35 https://phabricator.wikimedia.org/T291696 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42042
https://notcve.org/view.php?id=CVE-2021-42042
An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2. The growthexperiments-edit-config-error-invalid-title MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript. Se ha detectado un problema en SpecialEditGrowthConfig en la extensión GrowthExperiments en MediaWiki versiones hasta 1.36.2. El mensaje growthexperiments-edit-config-error-invalid-title de MediaWiki no estaba siendo saneado apropiadamente y permitía una inyección y ejecución de HTML y JavaScript • https://gerrit.wikimedia.org/r/q/Ibeb13d032ca044af53f6b2334e27b6b97b6f4e9f https://phabricator.wikimedia.org/T290692 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42043
https://notcve.org/view.php?id=CVE-2021-42043
An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2. The suggestion text (a parameter to mediasearch-did-you-mean) was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the intitle: search operator within the query. Se ha detectado un problema en la función Special:MediaSearch en la extensión MediaSearch en MediaWiki versiones hasta 1.36.2. El texto de la sugerencia (un parámetro de mediasearch-did-you-mean) no saneaba apropiadamente y permitía una inyección y ejecución de HTML y JavaScript por medio del operador de búsqueda intitle: dentro de la consulta • https://gerrit.wikimedia.org/r/q/If64eb5842237c92290d07ebc3fe14710d9de3fc2 https://phabricator.wikimedia.org/T291600 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-42044
https://notcve.org/view.php?id=CVE-2021-42044
An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2. The Growthexperiments-mentor-dashboard-mentee-overview-add-filter-total-edits-headline, growthexperiments-mentor-dashboard-mentee-overview-add-filter-starred-headline, growthexperiments-mentor-dashboard-mentee-overview-info-text, growthexperiments-mentor-dashboard-mentee-overview-info-legend-headline, and growthexperiments-mentor-dashboard-mentee-overview-active-ago MediaWiki messages were not being properly sanitized and allowed for the injection and execution of HTML and JavaScript. Se ha detectado un problema en el panel de control de Mentor en la extensión GrowthExperiments en MediaWiki versiones hasta 1.36.2. Los encabezados Growthexperiments-mentor-dashboard-mentee-overview-add-filter-total-edits-headline, growthexperiments-mentor-dashboard-mentee-overview-add-filter-starred-headline, growthexperiments-mentor-dashboard-mentee-overview-info-text, growthexperiments-mentor-dashboard-mentee-overview-info-legend-headline, y growthexperiments-mentor-dashboard-mentee-overview-active-ago Los mensajes de MediaWiki no estaban siendo saneados correctamente y permitían una inyección y ejecución de HTML y JavaScript • https://gerrit.wikimedia.org/r/q/I858d55fb2eca9b50ac6ef5a6f2a7b2784f0fa0d6 https://phabricator.wikimedia.org/T289408 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-31556
https://notcve.org/view.php?id=CVE-2021-31556
An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. MWOAuthConsumerSubmitControl.php does not ensure that the length of an RSA key will fit in a MySQL blob. Se ha detectado un problema en la extensión Oauth para MediaWiki versiones hasta 1.35.2. El archivo MWOAuthConsumerSubmitControl.php no asegura que la longitud de una clave RSA encaje en un blob de MySQL. • https://gerrit.wikimedia.org/r/q/I13ff0350a9a0a3cd5ab3e1f82dd0d8d9c13cf9e9 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX https://phabricator.wikimedia.org/T277380 • CWE-1284: Improper Validation of Specified Quantity in Input •