Description
An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields. The attack could easily propagate across many pages for many users.
Remediation
References