Headline

CVE-2021-42047: Permanent XSS exploitable by wiki admins (server-side part) (CVE-2021-42047)

An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger an XSS payload (such as alert) via Growthexperiments-mentor-dashboard-mentee-overview-no-js-fallback.

2 years ago

CVE

Open in Source

#xss #js #auth

Author Affiliation

WMF Product

Task Graph
Mentions

Event Timeline

Restricted Application added a subscriber: Aklapper.

Urbanecm_WMF renamed this task from Mentor dashboard mentee overview: Permanent XSS exploitable by wiki admins to Mentor dashboard: Permanent XSS exploitable by wiki admins.

Urbanecm_WMF renamed this task from Mentor dashboard: Permanent XSS exploitable by wiki admins to Mentor dashboard: Permanent XSS exploitable by wiki admins (server-side part).

Urbanecm_WMF changed Author Affiliation from N/A to WMF Product.

Mstyles renamed this task from Mentor dashboard: Permanent XSS exploitable by wiki admins (server-side part) to Mentor dashboard: Permanent XSS exploitable by wiki admins (server-side part) (CVE-2021-42047).

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago