CVE-2021-30157
EUVD-2021-1709306.04.2021, 07:15
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mediawiki | mediawiki | 𝑥 < 1.31.12 |
| mediawiki | mediawiki | 1.32.0 ≤ 𝑥 < 1.35.2 |
| debian | debian_linux | 10.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
References