Description
An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2. The growthexperiments-edit-config-error-invalid-title MediaWiki message was not properly sanitized, which allowed HTML and JavaScript to be injected and executed.
Remediation
References