Description
Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to videos.
Remediation
References
Related Vulnerabilities
WordPress Plugin McAvoy Cross-Site Scripting (0.1.0)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-2141)
Oracle JRE CVE-2017-10357 Vulnerability (CVE-2017-10357)
MySQL CVE-2016-0662 Vulnerability (CVE-2016-0662)
Squid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-12529)