Description
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file.
Remediation
References
Related Vulnerabilities
MySQL CVE-2022-21444 Vulnerability (CVE-2022-21444)
phpMyFAQ Other Vulnerability (CVE-2005-0702)
WordPress Plugin Product Reviews Import Export for WooCommerce CSV Injection (1.4.8)
Oracle Database Server CVE-2018-3004 Vulnerability (CVE-2018-3004)
WordPress Plugin bbPress Move Topics PHP Object Injection (1.1.4)