Moderate severity · NVD Advisory · Published Apr 9, 2021 · Updated Aug 3, 2024
CVE-2021-30458
Description
An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a tag, bypassing sanitization steps, and potentially allowing for XSS.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| wikimedia/parsoid (Packagist) | >= 0.12, < 0.12.2 | 0.12.2 |
| wikimedia/parsoid (Packagist) | < 0.11.1 | 0.11.1 |
Affected products
- Wikimedia/Parsoid (description)
References
- github.com/advisories/GHSA-5pqx-77vf-85rw (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-30458 (ghsa, ADVISORY)
- security.gentoo.org/glsa/202107-40 (ghsa, vendor-advisory, x_refsource_GENTOO, WEB)
- github.com/FriendsOfPHP/security-advisories/blob/master/wikimedia/parsoid/CVE-2021-30458.yaml (ghsa, WEB)
- phabricator.wikimedia.org/T279451 (ghsa, x_refsource_MISC, WEB)
- www.mediawiki.org/wiki/Parsoid (ghsa, x_refsource_MISC, WEB)