Vulnerability CVE-2021-30157: Information
Description
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS.
Severity: MEDIUM (6.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
mediawiki | sisyphus | 1.35.2-alt1 | 1.40.1-alt2 | ALT-PU-2021-1712-1 | 270649 | Fixed |
mediawiki | p10 | 1.35.2-alt1 | 1.40.1-alt2 | ALT-PU-2021-1712-1 | 270649 | Fixed |
mediawiki | p9 | 1.36.1-alt1 | 1.36.1-alt1 | ALT-PU-2021-2091-1 | 274917 | Fixed |
mediawiki | c10f1 | 1.35.2-alt1 | 1.37.2-alt1 | ALT-PU-2021-1712-1 | 270649 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://phabricator.wikimedia.org/T278058 | |
DSA-4889 | |
GLSA-202107-40 | |
FEDORA-2021-f4223b6684 | |
FEDORA-2021-d298103d3a | |