Description
Cross-site scripting (XSS) vulnerability in the formatHTML function in includes/api/ApiFormatBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 allows remote attackers to inject arbitrary web script or HTML via a crafted string located after http:// in the text parameter to api.php.
Remediation
References
Related Vulnerabilities
Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-13401)
WordPress Plugin Limit Login Attempts Reloaded Cross-Site Scripting (2.15.2)
WordPress Plugin WordPress Console Security Bypass (0.3.9)
PrestaShop Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-4792)