Lucene search

PRIOn knowledge basePRION:CVE-2021-42046

HistorySep 29, 2022 - 3:15 a.m.

Hardcoded credentials

2022-09-2903:15:00

PRIOn knowledge base

www.prio-n.com

globalwatchlist

html

javascript

injection

mediawiki

security issue

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.9%

JSON

An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped and allowed for users to inject HTML and JavaScript.

CPENameOperatorVersion
mediawikile1.36.2

CPE	Name	Operator	Version
	mediawiki	le	1.36.2

References

gerrit.wikimedia.org/r/q/Ib7f9b009730fe0df283cec1169f84c7a83a58b1d

gerrit.wikimedia.org/r/q/Id2204fb5afe591d63764466de35ac0aaa5999983

phabricator.wikimedia.org/T286385