QSearchQSearch

CVE-2021-42041

6.1 MEDIUM

An issue was discovered in CentralAuth in MediaWiki through 1.36.2

Published: 2021-10-06 · Last updated: 2026-06-17

Severity and scoring

CVSS
6.1 MEDIUM
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE
CWE-79

Affected products

VendorProduct
mediawikimediawiki

Description

An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the setchange log.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-34094 Vulnerability in Wikimedia Foundation MediaWiki (3.8 LOW)
  • CVE-2026-34093 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki (5.3 MEDIUM)
  • CVE-2021-41801 The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control (8.8 HIGH)
  • CVE-2021-41800 MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time) (5.3 MEDIUM)
  • CVE-2021-41799 MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time) (7.5 HIGH)

Same CWE

  • CVE-2026-12425 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access ...
  • CVE-2024-30476 PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager (5.4 MEDIUM)
  • CVE-2026-54198 Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions (7.1 HIGH)
  • CVE-2026-54191 Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions (7.1 HIGH)
  • CVE-2026-39437 Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 versions (7.1 HIGH)