Description
Cross-site scripting (XSS) vulnerability in the formatHTML function in includes/api/ApiFormatBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 allows remote attackers to inject arbitrary web script or HTML via a crafted string located after http:// in the text parameter to api.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Candidate Application Form Arbitrary File Download (1.0)
WordPress Plugin GD Rating System Cross-Site Scripting (2.0.2)
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-4203)
WordPress Plugin Attached images title editor Cross-Site Scripting (1.1.1)
WordPress Plugin Wordfence Security-Firewall & Malware Scan Cross-Site Scripting (5.1.4)