CVE-2021-31550

Sažetak

An issue was discovered in the CommentBox extension for MediaWiki through 1.35.2. Via crafted configuration variables, a malicious actor could introduce XSS payloads into various layers.

Reference

https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Commentbox/+/651934/
https://phabricator.wikimedia.org/T270767

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

27-04-2021 - 17:59

Objavljeno

22-04-2021 - 03:15