Description
Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to "ForeignAPI images."
Remediation
References
Related Vulnerabilities
Joomla! Core 3.x.x Information Disclosure (3.4.0 - 3.6.5)
Internet Information Services Other Vulnerability (CVE-2000-0886)
WordPress Plugin Contact Form 7 Cross-Site Scripting (4.0.1)
WordPress Authentication Bypass Using an Alternate Path or Channel Vulnerability (CVE-2020-4050)
WordPress Plugin WPBakery Page Builder Cross-Site Scripting (6.4.0)