Description
Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action.
Remediation
References
Related Vulnerabilities
WordPress Plugin Newsletters Multiple Vulnerabilities (4.6.5.3)
Oracle JRE CVE-2018-2581 Vulnerability (CVE-2018-2581)
WordPress Plugin Widgets for WooCommerce Products on Elementor Security Bypass (1.0.5)
WordPress Plugin Podcast Importer SecondLine SQL Injection (1.3.7)
WordPress Plugin Analyticator Multiple Cross-Site Scripting Vulnerabilities (6.4.9.5)