Description
Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element.
Remediation
References
Related Vulnerabilities
WordPress Plugin Helpie FAQ-WordPress FAQ Accordion Security Bypass (0.7)
WordPress Plugin Royal PrettyPhoto Cross-Site Scripting (1.2)
WordPress Plugin WP-Stats-Dashboard Multiple Cross-Site Scripting Vulnerabilities (2.6.5.1)
PHP NULL Pointer Dereference Vulnerability (CVE-2018-19395)
WordPress Plugin AMP for WP-Accelerated Mobile Pages Security Bypass (0.9.97.19)