Description
An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields. The attack could easily propagate across many pages for many users.
Remediation
References
Related Vulnerabilities
WordPress Plugin Affiliate Power-Sales Tracking for Affiliate Marketers Cross-Site Scripting (2.2.0)
WordPress Plugin Map Block for Google Maps Unspecified Vulnerability (1.31)
Oracle Database Server CVE-2008-1819 Vulnerability (CVE-2008-1819)
MediaWiki Unquoted Search Path or Element Vulnerability (CVE-2021-31553)
WordPress Plugin Broken Link Checker PHAR Deserialization (1.11.16)