Description
Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates page.
Remediation
References
Related Vulnerabilities
Moodle Credentials Management Errors Vulnerability (CVE-2011-4587)
WordPress Plugin Adaptive Images for WordPress Multiple Vulnerabilities (0.6.66)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-0701)
MySQL CVE-2017-3645 Vulnerability (CVE-2017-3645)
phpMyAdmin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2016-9862)