Description
Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted page with "forged strip item markers," as demonstrated using the CharInsert extension.
Remediation
References
Related Vulnerabilities
MySQL CVE-2022-21337 Vulnerability (CVE-2022-21337)
Django Incorrect Default Permissions Vulnerability (CVE-2020-24584)
Oracle Database Server CVE-2011-0806 Vulnerability (CVE-2011-0806)
Sqlite CVE-2021-20223 Vulnerability (CVE-2021-20223)
Oracle HTTP Server Out-of-bounds Read Vulnerability (CVE-2021-35940)