Your submission was sent successfully! Close

CVE-2021-30458

Published: 9 April 2021

An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a <meta> tag, bypassing sanitization steps, and potentially allowing for XSS.

Priority

Medium

CVSS 3 base score: 6.1

Status

Package Release Status
mediawiki
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

precise Does not exist

trusty Does not exist

upstream
Released (1:1.35.2-1)
xenial Does not exist