Description
Cross-site scripting (XSS) vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant.
Remediation
References
Related Vulnerabilities
WordPress Plugin Strong Testimonials Cross-Site Scripting (2.40.0)
WordPress Plugin Chameleoni Jobs Multiple Cross-Site Scripting Vulnerabilities (1.2.2)
WordPress Insecure Default Initialization of Resource Vulnerability (CVE-2017-5491)
WordPress Plugin FancyBox for WordPress Cross-Site Scripting (3.0.2)