CVE-2021-45474

Published: 24 December 2021

In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter.

Priority

CVSS 3 base score: 6.1

Status

Package	Release	Status
mediawiki Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Needs triage
	hirsute	Ignored (reached end-of-life)
	impish	Needs triage
	jammy	Needs triage
	trusty	Ignored (out of standard support)
	upstream	Needs triage
	xenial	Ignored (out of standard support)

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.