Description
An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.
Remediation
References
Related Vulnerabilities
WordPress Plugin Accept Stripe Donation-AidWP Security Bypass (2.8)
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-29210)
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3717)
WordPress Plugin Google Forms Server-Side Request Forgery (0.91)
WordPress Plugin All-in-One WP Migration Security Bypass (7.14)