ShortDescription is a MediaWiki extension that provides local short description support. A cross-site scripting (XSS) vulnerability exists in versions prior to 2.3.4. On a wiki that has the ShortDescription enabled, XSS can be triggered on any page or the page with the action=info parameter, which displays the shortdesc property. This is achieved using the wikitext `{{SHORTDESC:<img src=x onerror=alert()>}}`. This issue has a patch in version 2.3.4.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-01-24T19:45:10
Updated: 2024-08-03T02:53:35.497Z
Reserved: 2021-11-16T00:00:00
Link: CVE-2022-21710
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-01-24T20:15:08.600
Modified: 2022-01-28T18:56:22.597
Link: CVE-2022-21710
Redhat
No data.