CVE-2021-31551

{"id": "CVE-2021-31551", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2021-04-22T03:15:08.130", "references": [{"url": "https://gerrit.wikimedia.org/r/q/I20b63bd38779d2ccbe2d86f9879df85ca3b685f6", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gerrit.wikimedia.org/r/q/I5e0abbc2f80e6bda255b3b32a4df39a7fe7d3793", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gerrit.wikimedia.org/r/q/Ibe68b070ee791cd0c8e7f50eb04ac4e066b1512c", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://phabricator.wikimedia.org/T259433", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the PageForms extension for MediaWiki through 1.35.2. Crafted payloads for Token-related query parameters allowed for XSS on certain PageForms-managed MediaWiki pages."}, {"lang": "es", "value": "Se detect\u00f3 un problema en la extensi\u00f3n PageForms para MediaWiki versiones hasta 1.35.2. Las cargas \u00fatiles dise\u00f1adas para los par\u00e1metros query relacionados con el token permitieron un ataque de tipo XSS en determinadas p\u00e1ginas de MediaWiki administradas por PageForms"}], "lastModified": "2021-04-22T20:25:25.923", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4067807D-769C-485F-A7E3-EE96885BDCE7", "versionEndIncluding": "1.35.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}