Description
An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and JavaScript within various gift-related data fields. The attack could easily propagate across many pages for many users.
Remediation
References