ShortDescription is a MediaWiki extension that provides local short description support. A cross-site scripting (XSS) vulnerability exists in versions prior to 2.3.4. On a wiki that has the ShortDescription enabled, XSS can be triggered on any page or the page with the action=info parameter, which displays the shortdesc property. This is achieved using the wikitext `{{SHORTDESC:<img src=x onerror=alert()>}}`. This issue has a patch in version 2.3.4.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-01-24T19:45:10

Updated: 2024-08-03T02:53:35.497Z

Reserved: 2021-11-16T00:00:00

Link: CVE-2022-21710

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2022-01-24T20:15:08.600

Modified: 2022-01-28T18:56:22.597

Link: CVE-2022-21710

cve-icon Redhat

No data.