Description
An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields. The attack could easily propagate across many pages for many users.
Remediation
References
Related Vulnerabilities
WordPress Plugin Brute Force Login Protection Cross-Site Scripting (1.5.2)
WordPress Plugin Duplicator-WordPress Migration Remote Code Execution (1.2.40)
MySQL CVE-2022-21485 Vulnerability (CVE-2022-21485)
WordPress Plugin Fluid Responsive Slideshow Multiple Vulnerabilities (2.2.6)
WordPress Plugin Ibtana-Ecommerce Product Addons Cross-Site Scripting (0.2.3)