Description
An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields. The attack could easily propagate across many pages for many users.
Remediation
References
Related Vulnerabilities
WordPress Plugin youForms for WordPress-Creating Forms for CopeCart Cross-Site Scripting (1.0.5)
Apache Tomcat Other Vulnerability (CVE-2002-1895)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3412)
WordPress Plugin VK Gallery TimThumb Arbitrary File Upload (1.1.0)
WordPress Plugin Custom Website Data Cross-Site Scripting (2.2)