6 matches found
Fedora: Security Advisory for mediawiki (FEDORA-2021-eee8b7514f)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for mediawiki (FEDORA-2021-56d8173b5e)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Updated mediawiki packages fix security vulnerability
XSS vulnerability in Special:Search. CVE-2021-41798 ApiQueryBacklinks can cause a full table scan. CVE-2021-41799 Fix PoolCounter protection of Special:Contributions. CVE-2021-41800 ReplaceText continues performing actions if the user no longer has the correct permission such as by being blocked...
CVE-2021-41798
MediaWiki before 1.36.2 is affected by CVE-2021-41798. The issue arises because month-related MediaWiki messages are not escaped before being used on the Special:Search results page, enabling cross-site scripting (XSS). The vulnerability is addressed by upgrading to MediaWiki 1.36.2 or newer (and...
FreeBSD : mediawiki -- multiple vulnerabilities (f84ab297-2285-11ec-9e79-08002789875b)
MediaWiki reports : T285515, CVE-2021-41798 SECURITY: XSS vulnerability in Special:Search. T290379, CVE-2021-41799 SECURITY: ApiQueryBacklinks can cause a full table scan. T284419, CVE-2021-41800 SECURITY: fix PoolCounter protection of Special:Contributions. T279090, CVE-2021-41801 SECURITY:...
CVE-2021-41798
Cross-site scripting XSS vulnerability was found in mediawiki. Due to insufficient sanitization of user-supplied data in Special:Search function a remote attacker can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website...