CVE-2021-42048

MEDIUM

MediaWiki < 1.36.2 - Stored Cross-Site Scripting via Growth Extension Newcomer Home Page Footer

Title source: llm

Description

An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits.

References (2)

Core 2

Core References

Patch, Vendor Advisory x_refsource_misc

https://phabricator.wikimedia.org/T289064

Patch, Vendor Advisory x_refsource_misc

https://gerrit.wikimedia.org/r/q/Iaa90a8976834d70caad592e9d1b18510318db537

Scores

CVSS v3 4.8

EPSS 0.0022

EPSS Percentile 44.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

mediawiki/mediawiki < 1.36.2

Published Sep 29, 2022

Tracked Since Feb 18, 2026