Description
MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle the case in which the Zend interpreter's xml_parse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file.
Remediation
References