Description
Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username.
Remediation
References
Related Vulnerabilities
WordPress Plugin Anti-Malware Security and Brute-Force Firewall Cross-Site Scripting (4.15.49)
OpenSSL Double Free Vulnerability (CVE-2022-4450)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-15110)
MySQL CVE-2012-3150 Vulnerability (CVE-2012-3150)
WordPress Plugin Embedded Video 'lembedded-video.php' Cross-Site Scripting (4.1)