Description
Cross-site scripting (XSS) vulnerability in the formatHTML function in includes/api/ApiFormatBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 allows remote attackers to inject arbitrary web script or HTML via a crafted string located after http:// in the text parameter to api.php.
Remediation
References
Related Vulnerabilities
MySQL CVE-2018-3280 Vulnerability (CVE-2018-3280)
WordPress Plugin Advanced User Registration and Management Cross-Site Scripting (2.3.5)
WebLogic CVE-2024-21183 Vulnerability (CVE-2024-21183)
WebLogic CVE-2017-10336 Vulnerability (CVE-2017-10336)
WordPress Plugin 2 Click Social Media Buttons 'xing-url' Parameter Cross-Site Scripting (0.32.2)