CVE-2021-44855 — Cross-site Scripting in Mediawiki

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

5.4MEDIUMNVD

EPSS

0.5%

top 35.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediawiki Debian Mediawiki

Timeline

PublishedDec 26

Description

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶debiandebian/mediawiki< mediawiki 1:1.35.5-1 (bookworm)

▶NVDmediawiki/mediawiki1.36.0 — 1.36.3+2

▶Debianmediawiki/mediawiki< 1:1.35.8-1~deb11u1+3

🔴Vulnerability Details

GHSA

GHSA-3cqw-cf93-mf47: An issue was discovered in MediaWiki before 1↗2022-12-26

▶

OSV

CVE-2021-44855: An issue was discovered in MediaWiki before 1↗2022-12-26

▶

📋Vendor Advisories

Red Hat

mediawiki: Blind Stored XSS via Upload Image via URL↗2022-12-26

▶

Debian

CVE-2021-44855: mediawiki - An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1....↗2021

▶