» 2022 » 1월

CVE-2021-46163

Posted on 2022년 1월 10일2022년 1월 11일 by admin

CVE-2021-46163

Kentico Xperience 13.0.44 allows XSS via an XML document to the Media Libraries subsystem.

Source: CVE-2021-46163

CVE-2021-46150

Posted on 2022년 1월 10일2022년 1월 11일 by admin

CVE-2021-46150

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Special:CheckUserLog allows CheckUser XSS because of date mishandling, as demonstrated by an XSS payload in MediaWiki:October.

Source: CVE-2021-46150

CVE-2021-46148

Posted on 2022년 1월 10일2022년 1월 11일 by admin

CVE-2021-46148

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Some unprivileged users can view confidential information (e.g., IP addresses and User-Agent headers for election traffic) on a testwiki SecurePoll instance.

Source: CVE-2021-46148

CVE-2021-46149

Posted on 2022년 1월 10일2022년 1월 11일 by admin

CVE-2021-46149

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A denial of service (resource consumption) can be accomplished by searching for a very long key in a Language Name Search.

Source: CVE-2021-46149

CVE-2021-46146

Posted on 2022년 1월 10일2022년 1월 11일 by admin

CVE-2021-46146

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The WikibaseMediaInfo component is vulnerable to XSS via the caption fields for a given media file.

Source: CVE-2021-46146