Vulnerability Description
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The WikibaseMediaInfo component is vulnerable to XSS via the caption fields for a given media file.
CVSS Score
5.4 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| MediaWiki | MediaWiki | < 1.35.5 |
Related Weaknesses (CWE)
References
- https://gerrit.wikimedia.org/r/q/I58d37fb59f998f5bec4a018bf9da96a777f8ff78 (Third Party Advisory)
- https://phabricator.wikimedia.org/T293556 (Third Party Advisory)
FAQ
What is CVE-2021-46146?
CVE-2021-46146 is a vulnerability with a CVSS score of 5.4 (MEDIUM). An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The WikibaseMediaInfo component is vulnerable to XSS via the caption fields for a given media file.
How severe is CVE-2021-46146?
CVE-2021-46146 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-46146?
Check the references section above for vendor advisories and patch information. Affected products include: MediaWiki MediaWiki.