Description
An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML.
Remediation
References
Related Vulnerabilities
WordPress Plugin ActiveCampaign-Forms, Site Tracking, Live Chat Unspecified Vulnerability (5.7)
WordPress Plugin Easy Filter SQL Injection (1.5)
WordPress Plugin eCommerce Product Catalog for WordPress Cross-Site Request Forgery (3.0.17)
Oracle Database Server CVE-2011-0877 Vulnerability (CVE-2011-0877)
Apache Tomcat Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2021-41079)