Cross-Site Scripting (XSS) Vulnerability in MediaWiki SportsTeams Extension

Cross-Site Scripting (XSS) Vulnerability in MediaWiki SportsTeams Extension

CVE-2021-36131 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields. The attack could easily propagate across many pages for many users.

Learn more about our User Device Pen Test.