CVE-2021-42041

MEDIUM6.1EPSS 0.51%

Published: 3/6/2024Modified: 4/3/2025

Description

An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the setchange log.

Affected packages (1)

Bitnami/mediawikifrom 0, < 1.36.3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (3)

WEBhttps://gerrit.wikimedia.org/r/q/I7aeaa6e4de5ccaa5eeb6bf4fb00c96b01d5fea35
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2021-42041
WEBhttps://phabricator.wikimedia.org/T291696