Description
The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.mustache+dom file).
Remediation
References
Related Vulnerabilities
WordPress Plugin Yoast SEO Cross-Site Scripting (2.0.1)
WordPress Plugin WP DSGVO Tools (GDPR) Cross-Site Request Forgery (2.2.18)
MySQL Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2005-0709)
WordPress Plugin Featurific For WordPress 'snum' Parameter Cross-Site Scripting (1.6.2)