Description
In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter.
Remediation
References