CVE-2022-21710

Name of the Vulnerable Software and Affected Versions ShortDescription versions prior to 2.3.4

Description A cross-site scripting (XSS) issue exists in the ShortDescription MediaWiki extension. This allows XSS to be triggered on any page or the page with the action=info parameter, which displays the shortdesc property, using the wikitext {{SHORTDESC:<img src=x onerror=alert()>}}.

Recommendations For versions prior to 2.3.4, update to version 2.3.4 to resolve the issue. As a temporary workaround, consider restricting the use of the {{SHORTDESC:}} wikitext until a patch is applied. Avoid using the onerror parameter in the img tag within the ShortDescription wikitext until the issue is resolved.