Description
Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username.
Remediation
References
Related Vulnerabilities
WordPress Plugin Answer My Question Multiple Cross-Site Scripting Vulnerabilities (1.1)
WordPress Plugin Import all XML, CSV & TXT into WordPress Arbitrary File Upload (6.4)
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3963)
WordPress Plugin Store Locator Plus for WordPress Cross-Site Scripting (4.5.10)