Description
Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates page.
Remediation
References
Related Vulnerabilities
phpBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-6506)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-4792)
WordPress Plugin Booking Ultra Pro Appointments Booking Calendar Local File Inclusion (1.1.13)
Oracle Database Server CVE-2011-0870 Vulnerability (CVE-2011-0870)
WordPress Resource Management Errors Vulnerability (CVE-2014-5266)