Description
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later.
Remediation
References
Related Vulnerabilities
WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk Cross-Site Scripting (5.21)
Joomla! Core 3.x.x Security Bypass (3.0.0 - 3.4.4)
Oracle Database Server CVE-2010-3600 Vulnerability (CVE-2010-3600)
WordPress 4.5.x Cross-Site Request Forgery (4.5 - 4.5.16)
qdPM Sensitive Information Disclosure Vulnerability (CVE-2015-3882)