CVE-2021-45473

MEDIUM WAF: High

CVSS 6.1 Published: 2021-12-24

CWE-79

In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar).

WAF Coverage Analysis

Cross-Site Scripting (XSS) High WAF Coverage

OWASP: A03:2021 Injection

941xxx - XSS / XXE

Affected Software

Vendor	Product	Version
mediawiki	mediawiki	up to 1.3.7
fedoraproject	fedora	35

References

gerrit.wikimedia.org (Third Party Advisory)
lists.fedoraproject.org
phabricator.wikimedia.org (Exploit, Third Party Advisory)

Back to CVE Database