CVE-2021-44855

Name of the Vulnerable Software and Affected Versions MediaWiki versions 1.35.5 and earlier, 1.36.x before 1.36.3, 1.37.x before 1.37.1

Description The issue is related to Blind Stored XSS via a URL to the Upload Image feature. This could allow a remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability exists due to inadequate protection of the web page structure in the VisualEditor component of MediaWiki.

Recommendations For MediaWiki versions 1.35.5 and earlier, update to version 1.35.5 or later. For MediaWiki versions 1.36.x before 1.36.3, update to version 1.36.3 or later. For MediaWiki versions 1.37.x before 1.37.1, update to version 1.37.1 or later. As a temporary workaround, consider restricting access to the Upload Image feature until a patch is applied.