Description
Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted page with "forged strip item markers," as demonstrated using the CharInsert extension.
Remediation
References
Related Vulnerabilities
WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.31)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-2271)
MediaWiki Improper Authentication Vulnerability (CVE-2021-30158)
PrestaShop Incorrect Authorization Vulnerability (CVE-2020-5288)
Coppermine Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7186)