CVE-2021-42043: 
NixOS vulnerability analysis and mitigation

An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2. The suggestion text (a parameter to mediasearch-did-you-mean) was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the intitle: search operator within the query (NVD).

The vulnerability is classified as a Cross-Site Scripting (XSS) issue with a CVSS v3.1 score of 6.1 MEDIUM and CVSS v2.0 score of 4.3 MEDIUM. The vulnerability exists in the MediaSearch extension's Special:MediaSearch feature where user input through the intitle: search operator is not properly sanitized before being output back to users via the mediasearch-did-you-mean parameter (NVD).

The vulnerability allows attackers to inject and execute arbitrary HTML and JavaScript code in the context of other users' browsers who view the search results. This could lead to theft of sensitive information, session hijacking, or other client-side attacks (NVD).

The vulnerability was fixed in versions after MediaWiki 1.36.2. Users should upgrade their MediaWiki installations to a patched version to protect against this vulnerability (NVD).