Description
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping.
Remediation
References
Related Vulnerabilities
Dotclear Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-3232)
Apache HTTP Server Other Vulnerability (CVE-2006-5752)
Drupal Incorrect Authorization Vulnerability (CVE-2017-6377)
Oracle JRE CVE-2013-1569 Vulnerability (CVE-2013-1569)
Atlassian Jira Insufficient Session Expiration Vulnerability (CVE-2021-39113)