Description
Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI.
Remediation
References