Description
An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog.
Remediation
References
Related Vulnerabilities
WordPress Plugin Search Logger-Know What Your Visitors Search SQL Injection (0.9)
Nexus Repository Manager Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-43293)
WordPress Plugin Parcel Tracker eCourier Cross-Site Request Forgery (1.0.1)
Oracle JRE CVE-2013-2458 Vulnerability (CVE-2013-2458)
Envoy Proxy Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-15225)