Description
Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page.
Remediation
References
Related Vulnerabilities
Drupal Core 8.x.x Directory Traversal (8.0.0 - 8.8.12)
WordPress Plugin JSM file_get_contents() Shortcode Server-Side Request Forgery (2.7.0)
WordPress Plugin Vitamin Multiple Arbitrary File Disclosure Vulnerabilities (1.0.0)
WordPress Plugin Publish to Schedule Cross-Site Scripting (4.5.4)
WebLogic Uncontrolled Resource Consumption Vulnerability (CVE-2016-8610)