Description
An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1. SpecialGlobalUsage.php calls WikiMap::makeForeignLink unsafely. The $page variable within the formatItem function was not being properly escaped, allowing for XSS under certain conditions.
Remediation
References
Related Vulnerabilities
WordPress Plugin Affiliates Manager SQL Injection (2.8.6)
WordPress Plugin WordPress Email Marketing-WP Email Capture Multiple Vulnerabilities (3.9.3)
WordPress Plugin GigPress 'Notes' Field HTML Injection (2.1.10)
WordPress Plugin WishList Member X SQL Injection (3.25.1)
WordPress Plugin Appointment Hour Booking-WordPress Booking Cross-Site Scripting (1.3.16)