Description
An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not properly sanitized, which allowed HTML and JavaScript to be injected and executed via the setchange log.
Remediation
References