Lucene search
GoogleOSV:BIT-MEDIAWIKI-2021-42048HistoryMar 06, 2024 - 11:10 a.m.
BIT-mediawiki-2021-42048
2024-03-0611:10:01
Google
osv.dev
5
issue
discovered
growth
extension
mediawiki
1.36.2
admin
arbitrary javascript code
newcomer home page
footer
executed
viewers
zero edits
CVSS3
4.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
AI Score
7
Confidence
High
EPSS
0.001
Percentile
22.7%
An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits.
Related
nvd
nvd
CVE-2021-42048
2022-09-29 03:15:14
cve
cve
CVE-2021-42048
2022-09-29 03:15:14
prion
prion
Code injection
2022-09-29 03:15:00
cvelist
cvelist
CVE-2021-42048
2021-10-06 20:47:15
osv
osv
CVE-2021-42048
2022-09-29 03:15:14
CVSS3
4.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
AI Score
7
Confidence
High
EPSS
0.001
Percentile
22.7%
Related for OSV:BIT-MEDIAWIKI-2021-42048