Description
Cross-site scripting (XSS) vulnerability in the Special:Block implementation in the getContribsLink function in SpecialBlockip.php in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject arbitrary web script or HTML via the ip parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin WooCommerce Product Vendors Cross-Site Scripting (2.0.35)
WordPress Plugin WP Maintenance Cross-Site Request Forgery (5.0.5)
WordPress Plugin Stop User Enumeration User Enumeration (1.3.8)
WordPress Improper Input Validation Vulnerability (CVE-2020-28037)
WordPress Plugin AccessPress Social Icons Multiple SQL Injection Vulnerabilities (1.6.6)