Description
An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1. SpecialGlobalUsage.php calls WikiMap::makeForeignLink unsafely. The $page variable within the formatItem function was not being properly escaped, allowing for XSS under certain conditions.
Remediation
References
Related Vulnerabilities
Internet Information Services Other Vulnerability (CVE-2000-0025)
WordPress Plugin SEO Backdoor (5.0)
WordPress Plugin Visual Link Preview Security Bypass (2.2.2)
MySQL CVE-2014-2442 Vulnerability (CVE-2014-2442)
WordPress Plugin Multisite Plugin Manager Multiple Cross-Site Scripting Vulnerabilities (3.1.1)