CVE-2021-46146 Information
Share on:
Jun 06, 2022
cve
Description
An issue was discovered in MediaWiki before 1.35.5 1.36.x before 1.36.3 and 1.37.x before 1.37.1. The WikibaseMediaInfo component is vulnerable to XSS via the caption fields for a given media file.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Reference
https://gerrit.wikimedia.org/r/q/I58d37fb59f998f5bec4a018bf9da96a777f8ff78 https://phabricator.wikimedia.org/T293556
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
5.4