HTML and JavaScript Injection Vulnerability in CentralAuth

CVE-2021-42041 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not properly sanitized, which allowed HTML and JavaScript to be injected and executed via the setchange log.
