CVE-2021-45474

MEDIUM WAF: High
CVSS 6.1 Published: 2021-12-24
CWE-79

In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter.

WAF Coverage Analysis

Cross-Site Scripting (XSS) High WAF Coverage

OWASP: A03:2021 Injection

941xxx - XSS / XXE

Affected Software

VendorProductVersion
mediawikimediawikiup to 1.37
fedoraprojectfedora35

References

Back to CVE Database