{"id":"CVE-2022-21710","summary":"Cross-site Scripting in ShortDescription extension","details":"ShortDescription is a MediaWiki extension that provides local short description support. A cross-site scripting (XSS) vulnerability exists in versions prior to 2.3.4. On a wiki that has the ShortDescription enabled, XSS can be triggered on any page or the page with the action=info parameter, which displays the shortdesc property. This is achieved using the wikitext `{{SHORTDESC:&lt;img src=x onerror=alert()&gt;}}`. This issue has a patch in version 2.3.4.","aliases":["GHSA-mgcp-qw2r-6832"],"modified":"2026-04-02T07:48:39.562104Z","published":"2022-01-24T19:45:10Z","database_specific":{"cwe_ids":["CWE-79"],"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/21xxx/CVE-2022-21710.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/21xxx/CVE-2022-21710.json"},{"type":"ADVISORY","url":"https://github.com/StarCitizenTools/mediawiki-extensions-ShortDescription/security/advisories/GHSA-mgcp-qw2r-6832"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21710"},{"type":"FIX","url":"https://github.com/StarCitizenTools/mediawiki-extensions-ShortDescription/commit/7c86644158388620c6c858258cc4e1a8de6e48ea"},{"type":"FIX","url":"https://github.com/StarCitizenTools/mediawiki-extensions-ShortDescription/commit/bf568edd892adb8528dcb64f75dddf3eeaccc12c"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/starcitizentools/mediawiki-extensions-shortdescription","events":[{"introduced":"0"},{"fixed":"7c86644158388620c6c858258cc4e1a8de6e48ea"}]},{"type":"GIT","repo":"https://github.com/starcitizentools/mediawiki-extensions-shortdescription","events":[{"introduced":"0"},{"fixed":"bf568edd892adb8528dcb64f75dddf3eeaccc12c"}]},{"type":"GIT","repo":"https://github.com/starcitizentools/mediawiki-extensions-shortdescription","events":[{"introduced":"0"},{"fixed":"7c86644158388620c6c858258cc4e1a8de6e48ea"}]},{"type":"GIT","repo":"https://github.com/starcitizentools/mediawiki-extensions-shortdescription","events":[{"introduced":"0"},{"fixed":"bf568edd892adb8528dcb64f75dddf3eeaccc12c"}]}],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2.3.4"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-21710.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N"}]}