Description
An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1. SpecialGlobalUsage.php calls WikiMap::makeForeignLink unsafely. The $page variable within the formatItem function was not being properly escaped, allowing for XSS under certain conditions.
Remediation
References
Related Vulnerabilities
PHP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2006-0207)
WordPress Plugin WordPress Shortcodes-Shortcodes Ultimate Remote Code Execution (5.0.0)
XWiki Missing Authorization Vulnerability (CVE-2024-43401)
ZenCart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-4403)
WordPress Plugin CM Download Manager Arbitrary File Upload (2.8.5)