Headline
CVE-2021-44855: Blind Stored XSS via Upload Image via URL
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature.
Risk Rating
High
Author Affiliation
Wikimedia Communities
Event Timeline
Restricted Application added a subscriber: Aklapper.
Reedy renamed this task from [ SECURITY VULNERABILIT ] Blind Stored XSS at https://id.wikipedia.org/ Via Upload Image Via URL to [ SECURITY VULNERABILITY ] Blind Stored XSS at https://id.wikipedia.org/ Via Upload Image Via URL.
sbassett triaged this task as High priority.
sbassett changed Risk Rating from N/A to High.
Mstyles lowered the priority of this task from High to Low.
Reedy renamed this task from [ SECURITY VULNERABILITY ] Blind Stored XSS at https://id.wikipedia.org/ Via Upload Image Via URL to Blind Stored XSS via Upload Image via URL.
sbassett merged a task: Restricted Task.
Reedy renamed this task from Blind Stored XSS via Upload Image via URL to CVE-2021-44855: Blind Stored XSS via Upload Image via URL.
Related news
Gentoo Linux Security Advisory 202305-24 - Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service. Versions greater than or equal to 1.25.2 are affected.