Description
An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text().
Remediation
References
Related Vulnerabilities
ownCloud Improper Privilege Management Vulnerability (CVE-2020-36251)
WordPress Plugin Dropbox Folder Share Server-Side Request Forgery (1.9.7)
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6146)
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Local File Inclusion (1.5.24)
WordPress Plugin Google Adsense and Hotel Booking Open Proxy (1.0.5)