CVE-2021-45474

NameCVE-2021-45474
DescriptionIn MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Notes

NOT-FOR-US: FileImporter MediaWiki extension
https://gerrit.wikimedia.org/r/q/Id1c8910aeac5b452fbabeddab70360765518223e
https://phabricator.wikimedia.org/T296605
Search for package or bug name: Reporting problems