An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2. The growthexperiments-edit-config-error-invalid-title MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript.
Advisories
Source ID Title
EUVD EUVD EUVD-2021-29030 An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2. The growthexperiments-edit-config-error-invalid-title MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-04T03:22:25.803Z

Reserved: 2021-10-06T00:00:00

Link: CVE-2021-42042

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-10-06T21:15:07.297

Modified: 2024-11-21T06:27:07.350

Link: CVE-2021-42042

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.