Description
Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates page.
Remediation
References
Related Vulnerabilities
WordPress Plugin Translate WordPress-Google Language Translator Cross-Site Scripting (6.0.9)
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3837)
WordPress Plugin All-in-One Event Calendar Cross-Site Scripting (2.5.38)
Apache Tomcat Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-12617)