Description
Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates page.
Remediation
References
Related Vulnerabilities
MySQL CVE-2018-2759 Vulnerability (CVE-2018-2759)
PHP Improper Input Validation Vulnerability (CVE-2013-4248)
Ruby Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4464)
WordPress Plugin Facebook Page Feed Timeline Cross-Site Scripting (1.0)
Magento Insufficient Verification of Data Authenticity Vulnerability (CVE-2019-8124)