CVE-2021-36131

描述

An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields. The attack could easily propagate across many pages for many users.

受影響套件(1)

• Bitnami/mediawikifrom 0, < 1.36.1

CVSS 分數

參考連結(3)

• WEBhttps://gerrit.wikimedia.org/r/q/Ic312cc9b8463c8e7c3298a661abfcff2cc2332cb
• WEBhttps://nvd.nist.gov/vuln/detail/CVE-2021-36131
• WEBhttps://phabricator.wikimedia.org/T281196