Description
Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element.
Remediation
References
Related Vulnerabilities
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-4407)
Oracle Database Server CVE-2011-0811 Vulnerability (CVE-2011-0811)
WordPress Plugin Calendar by WD-Responsive Event Calendar for WordPress SQL Injection (1.4.9)
MySQL CVE-2018-3078 Vulnerability (CVE-2018-3078)
WordPress Plugin Login/Signup Popup (Inline Form + Woocommerce) Cross-Site Request Forgery (2.2)