Description
In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter.
Remediation
References