Description
An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak.
Remediation
References
Related Vulnerabilities
WordPress Plugin ClickSold IDX Cross-Site Scripting (1.48)
Oracle Database Server CVE-2010-0071 Vulnerability (CVE-2010-0071)
WordPress Plugin iThemes Security (formerly Better WP Security) Cross-Site Scripting (5.6.1)
WordPress Plugin Product Addons & Fields for WooCommerce Cross-Site Scripting (18.3)
WordPress Plugin Animate It! Cross-Site Request Forgery (2.3.5)