Description
The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data. When certain varieties of games were created within MediaWiki, their names or titles could be manipulated to generate stored XSS within the RandomGameUnit extension.
Remediation
References
Related Vulnerabilities
Drupal Improper Input Validation Vulnerability (CVE-2022-25273)
Drupal Core Cross-Site Scripting (8.0.0 - 9.1.15)
WordPress Plugin Affiliate Power-Sales Tracking for Affiliate Marketers Cross-Site Scripting (2.2.0)
WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.17)
Serendipity Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2016-10752)