Description
An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is no rate limit for merging items.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress File Upload Cross-Site Scripting (4.3.3)
WordPress Plugin OneClick Chat to Order Cross-Site Scripting (1.0.4.1)
Oracle Database Server CVE-2021-35576 Vulnerability (CVE-2021-35576)
WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress Cross-Site Scripting (3.10.1)