PT-2022-12580 · Mediawiki+1 · Mediawiki+1

Aidil Arief +1 · Published 2021-12-20 · Updated 2024-03-06 · CVE-2021-46146

CVSS v3.1: 5.4 Medium

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

MediaWiki versions prior to 1.35.5
MediaWiki versions 1.36.x prior to 1.36.3
MediaWiki versions 1.37.x prior to 1.37.1

Description

An issue was discovered in the WikibaseMediaInfo component, which is vulnerable to XSS via the caption fields for a given media file. This allows for potential exploitation through the manipulation of these fields.

Recommendations

For MediaWiki versions prior to 1.35.5, update to version 1.35.5 or later.
For MediaWiki versions 1.36.x prior to 1.36.3, update to version 1.36.3 or later.
For MediaWiki versions 1.37.x prior to 1.37.1, update to version 1.37.1 or later.

As a temporary workaround, consider restricting access to the WikibaseMediaInfo component until a patch is applied. Avoid using the caption fields in the affected media files until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

ALT-PU-2021-3561
ALT-PU-2022-1199
BIT-MEDIAWIKI-2021-46146
CVE-2021-46146

Affected Products

Alt Linux
Mediawiki