FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mediawiki -- multiple vulnerabilities

Affected packages
mediawiki131 < 1.31.16
mediawiki135 < 1.35.4
mediawiki136 < 1.36.2

Details

VuXML ID f84ab297-2285-11ec-9e79-08002789875b
Discovery 2021-06-24
Entry 2021-10-01

Mediawiki reports:

(T285515, CVE-2021-41798) SECURITY: XSS vulnerability in Special:Search.

(T290379, CVE-2021-41799) SECURITY: ApiQueryBacklinks can cause a full table scan.

(T284419, CVE-2021-41800) SECURITY: fix PoolCounter protection of Special:Contributions.

(T279090, CVE-2021-41801) SECURITY: ReplaceText continues performing actions if the user no longer has the correct permission (such as by being blocked).

References

CVE Name CVE-2021-41798
CVE Name CVE-2021-41799
CVE Name CVE-2021-41800
CVE Name CVE-2021-41801
URL https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/