Description
Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action.
Remediation
References
Related Vulnerabilities
WordPress Plugin Lightbox Jquery Possible Remote Code Execution (0.24)
WordPress Plugin Map Block for Google Maps Unspecified Vulnerability (1.31)
Squid Improper Input Validation Vulnerability (CVE-2013-1839)
WordPress Plugin Swipe Checkout for WooCommerce Cross-Site Scripting (2.7.1)
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-3011)