Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31547 | PUBLISHED: 2021-04-22 | An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules.
CVE-2021-31548 | PUBLISHED: 2021-04-22 | An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. A MediaWiki user who is partially blocked or was unsuccessfully blocked could bypass AbuseFilter and have their edits completed.
CVE-2021-31549 | PUBLISHED: 2021-04-22 | An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The Special:AbuseFilter/examine form allowed for the disclosure of suppressed MediaWiki usernames to unprivileged users.
CVE-2021-31550 | PUBLISHED: 2021-04-22 | An issue was discovered in the CommentBox extension for MediaWiki through 1.35.2. Via crafted configuration variables, a malicious actor could introduce XSS payloads into various layers.
CVE-2021-31551 | PUBLISHED: 2021-04-22 | An issue was discovered in the PageForms extension for MediaWiki through 1.35.2. Crafted payloads for Token-related query parameters allowed for XSS on certain PageForms-managed MediaWiki pages.
User Rank: Author
9/28/2020 | 2:09:04 PM
As an IT practitioner, and as a parent, I totally agree that schools need to heed this warning. Most are ill-prepared for remote learning and hybrid learning. High-profile attacks, along with the pandemic, can risk the school year for many kids...