CVE-2021-45472

MEDIUM WAF: High

CVSS 6.1 Published: 2021-12-24

CWE-79

In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme (among others) can be used.

WAF Coverage Analysis

Cross-Site Scripting (XSS) High WAF Coverage

OWASP: A03:2021 Injection

941xxx - XSS / XXE

Affected Software

Vendor	Product	Version
mediawiki	mediawiki	up to 1.37
fedoraproject	fedora	35

References

gerrit.wikimedia.org (Third Party Advisory)
lists.fedoraproject.org
phabricator.wikimedia.org (Third Party Advisory)

Back to CVE Database