Description
MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS.
Remediation
References