Description
Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to "ForeignAPI images."
Remediation
References
Related Vulnerabilities
SharePoint Origin Validation Error Vulnerability (CVE-2019-1442)
WordPress Plugin PhotoXhibit Multiple Cross-Site Scripting Vulnerabilities (2.1.8)
Craft CMS Improper Authorization Vulnerability (CVE-2026-33162)
Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-7892)
WordPress Plugin Package Quantity Discount Security Bypass (1.1.2)