Wiz
Vulnerability DatabaseCVE-2021-36130

CVE-2021-36130
NixOS vulnerability analysis and mitigation

Overview

An XSS (Cross-Site Scripting) vulnerability was discovered in the SocialProfile extension of MediaWiki through version 1.36. The vulnerability was assigned CVE-2021-36130 and was disclosed on July 2, 2021. The issue affects the gift-related special pages within the SocialProfile extension (MITRE CVE).

Technical details

The vulnerability allows privileged users with the 'awardmanage' right to inject arbitrary HTML and JavaScript within various gift-related data fields. The vulnerability is particularly concerning because it has the potential to propagate across multiple pages affecting numerous users (MITRE CVE).

Impact

The impact of this vulnerability is significant as it allows for cross-site scripting attacks that can propagate across many pages and affect multiple users. Since the vulnerability requires privileged access, the scope is somewhat limited to users with specific administrative rights (MITRE CVE).

Mitigation and workarounds

A fix for this vulnerability has been implemented and can be found in the MediaWiki repository. Users are advised to update their MediaWiki installations and the SocialProfile extension to the latest version (Wikimedia Gerrit).

Additional resources

SourceThis report was generated using AI

Related NixOS vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-12819HIGH8.1
  • NixOSNixOS
  • pgbouncer
NoYesDec 03, 2025
CVE-2025-20777MEDIUM6.7
  • NixOSNixOS
  • android
NoNoDec 02, 2025
CVE-2025-65105MEDIUM5.3
  • NixOSNixOS
  • apptainer
NoYesDec 02, 2025
CVE-2025-20789MEDIUM4.4
  • NixOSNixOS
  • android
NoNoDec 02, 2025
CVE-2025-20788MEDIUM4.4
  • NixOSNixOS
  • android
NoNoDec 02, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo