Wednesday, January 5, 2022

MediaWiki: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2021-45474)

Description
In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter.
Solution(s)
  • mediawiki-upgrade-latest


References
  • https://attackerkb.com/topics/cve-2021-45474
  • CVE-2021-45474
  • https://gerrit.wikimedia.org/r/q/Id1c8910aeac5b452fbabeddab70360765518223e
  • https://phabricator.wikimedia.org/T296605



