Description
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to a page named "javascript:alert('XSS!')."
Remediation
References
Related Vulnerabilities
WordPress Plugin WooCommerce Cross-Seller Unspecified Vulnerability (1.0.2)
XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2023-45135)
WordPress Plugin WP Rss Poster SQL Injection (1.0.0)
WordPress Plugin Pinterest Automatic Pin Security Bypass (4.14.3)
Envoy Proxy Improper Certificate Validation Vulnerability (CVE-2022-21656)