Description
Cross-site scripting (XSS) vulnerability in the preview in the TemplateSandbox extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via the text parameter to Special:TemplateSandbox.
Remediation
References
Related Vulnerabilities
Squid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-10002)
Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-7923)
WordPress Plugin WordPress Connect Cross-Site Scripting (2.0.3)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0246)