5 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-30458
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform...
GLSA-202107-40 : MediaWiki: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202107-40 MediaWiki: Multiple vulnerabilities Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for...
Security fix for the ALT Linux 9 package mediawiki version 1.35.2-alt1
April 24, 2021 Vitaly Lipatov 1.35.2-alt1 - new version 1.35.2 with rpmrb script - T270453, CVE-2021-30153 T270713, CVE-2021-30152 - T270988, CVE-2021-30155 T272386, CVE-2021-30159 - T276843, CVE-2021-20270, CVE-2021-27291 - T277009, CVE-2021-30158 T278014, CVE-2021-30154 - T278058, CVE-2021-3015...
CVE-2021-30458
Wikimedia Parsoid (before 0.11.1 and 0.12.x before 0.12.2) contains a XSS vector where crafted wikitext can be transformed by Utils/WTUtils.php via a tag, bypassing sanitization. This is a code-path issue leading to potential XSS. Remediation: upgrade to Parsoid 0.11.1 or 0.12.2 (the fixed relea...
CVE-2021-30458
An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a tag, bypassing sanitization steps, and potentially allowing for XSS...