CVE-2022-21710
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-21710
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-21710.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-21710
- Aliases
-
- GHSA-mgcp-qw2r-6832
- Published
- 2022-01-24T19:45:10Z
- Modified
- 2025-12-04T10:08:10.047618Z
- Severity
-
- 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N CVSS Calculator
- Summary
- Cross-site Scripting in ShortDescription extension
- Details
-
ShortDescription is a MediaWiki extension that provides local short description support. A cross-site scripting (XSS) vulnerability exists in versions prior to 2.3.4. On a wiki that has the ShortDescription enabled, XSS can be triggered on any page or the page with the action=info parameter, which displays the shortdesc property. This is achieved using the wikitext
{{SHORTDESC:<img src=x onerror=alert()>}}. This issue has a patch in version 2.3.4. - Database specific
{ "cwe_ids": [ "CWE-79" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/21xxx/CVE-2022-21710.json", "cna_assigner": "GitHub_M" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/21xxx/CVE-2022-21710.json
- https://github.com/StarCitizenTools/mediawiki-extensions-ShortDescription/commit/7c86644158388620c6c858258cc4e1a8de6e48ea
- https://github.com/StarCitizenTools/mediawiki-extensions-ShortDescription/commit/bf568edd892adb8528dcb64f75dddf3eeaccc12c
- https://github.com/StarCitizenTools/mediawiki-extensions-ShortDescription/security/advisories/GHSA-mgcp-qw2r-6832
- https://nvd.nist.gov/vuln/detail/CVE-2022-21710