Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-42048

An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits.

Published

2022-09-29T03:15:14.707

Last Modified

2024-11-21T06:27:08.300

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.8 (MEDIUM)

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mediawiki	mediawiki	≤ 1.36.2	Yes

References

https://gerrit.wikimedia.org/r/q/Iaa90a8976834d70caad592e9d1b18510318db537 Patch, Vendor Advisory ([email protected])
https://phabricator.wikimedia.org/T289064 Patch, Vendor Advisory ([email protected])
https://gerrit.wikimedia.org/r/q/Iaa90a8976834d70caad592e9d1b18510318db537 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://phabricator.wikimedia.org/T289064 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)