Description
Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates page.
Remediation
References
Related Vulnerabilities
PHP Other Vulnerability (CVE-2004-1018)
Oracle Database Server CVE-2014-6545 Vulnerability (CVE-2014-6545)
WordPress 'blog.header.php' Multiple SQL Injection Vulnerabilities (0.6.2 - 0.71)
WordPress Plugin Import CSV Directory Traversal (1.0)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-8656)