Description
Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username.
Remediation
References
Related Vulnerabilities
Jenkins CVE-2018-1000408 Vulnerability (CVE-2018-1000408)
WordPress Plugin MailPoet Newsletters (Previous) SQL Injection (2.2)
WordPress Plugin WP-DBManager Arbitrary File Deletion (2.79.1)
Liferay DXP URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-5190)
WordPress Plugin Contact Form DB-Elementor Cross-Site Request Forgery (1.5)