An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped and allowed for users to inject HTML and JavaScript.
Advisories
Source ID Title
EUVD EUVD EUVD-2021-29034 An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped and allowed for users to inject HTML and JavaScript.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-04T03:22:25.791Z

Reserved: 2021-10-06T00:00:00

Link: CVE-2021-42046

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-09-29T03:15:14.597

Modified: 2024-11-21T06:27:07.980

Link: CVE-2021-42046

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.