CVE-2021-42048

low-risk
Published 2022-09-29

An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits.

Do I need to act?

-
0.22% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.8/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Mediawiki

References (4)

Patch https://gerrit.wikimedia.org/r/q/Iaa90a8976834d70caad592e9d1b18510318db537
Patch https://phabricator.wikimedia.org/T289064
Patch https://gerrit.wikimedia.org/r/q/Iaa90a8976834d70caad592e9d1b18510318db537
Patch https://phabricator.wikimedia.org/T289064
25
/ 100
low-risk
Severity 19/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal