Description
Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates page.
Remediation
References
Related Vulnerabilities
WordPress Plugin Visual Composer:Page Builder for WordPress Local File Inclusion (5.1)
WordPress Plugin ResAds Multiple Cross-Site Scripting Vulnerabilities (1.0.1)
Oracle Database Server Other Vulnerability (CVE-2005-3444)
Apache HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2009-1890)