Description
Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI.
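The failure mode described above, as an added example that is not MediaWiki's code: a check that blacklists only the SVG MIME type in data: URIs lets the same nested document through when it is declared as application/xml, while an allowlist of raster types rejects it. The blacklist contents, the allowlist policy, all function names and the sample upload are assumptions constructed for illustration.

```python
import base64
import re
import xml.etree.ElementTree as ET

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
DATA_URI = re.compile(r"\s*data:([^;,]*)", re.IGNORECASE)

# Hypothetical blacklist, constructed to show the failure mode.
BLACKLISTED_MIME = {"image/svg+xml"}
# Assumed policy: only raster images may be embedded through data: URIs.
ALLOWED_MIME = {"image/png", "image/jpeg", "image/gif"}


def data_uri_mime(value):
    """Return the declared MIME type of a data: URI, or None for other values."""
    m = DATA_URI.match(value)
    if not m:
        return None
    return m.group(1).strip().lower() or "text/plain"  # RFC 2397 default


def blacklist_allows(mime):
    return mime not in BLACKLISTED_MIME


def allowlist_allows(mime):
    return mime in ALLOWED_MIME


def rejected_hrefs(svg_text, allows):
    """List (element, mime) for every data: href the given policy refuses."""
    # Assumption: upload size is already bounded; for untrusted input in
    # production, parse with a hardened XML parser such as defusedxml.
    rejected = []
    for el in ET.fromstring(svg_text).iter():
        for attr in ("href", XLINK_HREF):
            mime = data_uri_mime(el.get(attr, ""))
            if mime is not None and not allows(mime):
                rejected.append((el.tag.rsplit("}", 1)[-1], mime))
    return rejected


def sample_upload(mime):
    """Constructed sample: an SVG whose <image> embeds a benign nested SVG."""
    inner = base64.b64encode(b'<svg xmlns="http://www.w3.org/2000/svg"/>').decode()
    return ('<svg xmlns="http://www.w3.org/2000/svg" '
            'xmlns:xlink="http://www.w3.org/1999/xlink">'
            f'<image xlink:href="data:{mime};base64,{inner}"/></svg>')
```
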
Remediation
References