CVE-2021-44855

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-44855

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-44855.json

Aliases

BIT-mediawiki-2021-44855

Related

DSA-5246-1

Published

2022-12-26T05:15:10Z

Modified

2023-12-06T01:01:42.302210Z

Details

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature.

References

https://phabricator.wikimedia.org/T293589
https://security.gentoo.org/glsa/202305-24

Affected packages

Git / github.com/wikimedia/mediawiki

Affected ranges

Type: GIT
Repo: https://github.com/wikimedia/mediawiki
Events: Fixed

8b874ff6c6ed5f209dfd0c825c5b310ef1ecca2f

Introduced

bc542ec6d8573dfb906b468901799e0017875f1e