4 matches found
CVE-2021-42043
An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2. The suggestion text a parameter to mediasearch-did-you-mean was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the intitle: search operator...
Design/Logic Flaw
An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2. The suggestion text a parameter to mediasearch-did-you-mean was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the intitle: search operator...
CVE-2021-42043
The CVE-2021-42043 entry concerns MediaWiki’s Special:MediaSearch in the MediaSearch extension up to version 1.36.2. The bug is caused by improper sanitization of the suggestion text parameter to mediasearch-did-you-mean, enabling injection/execution of HTML and JavaScript via the intitle: search...
CVE-2021-42043
An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2. The suggestion text a parameter to mediasearch-did-you-mean was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the intitle: search operator...