CVE-2021-42043

An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2. The suggestion text a parameter to mediasearch-did-you-mean was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the intitle: search operator...

PT-2021-23482 · Mediawiki +2 · Mediawiki +2

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36.2 MediaSearch extension versions through 1.36.2 Description: An issue was discovered in Special:MediaSearch in the MediaSearch extension. The suggestion text, a parameter to mediasearch-did-you-mean, was not...