Description
An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped and allowed for users to inject HTML and JavaScript.
Remediation
References
Related Vulnerabilities
Oracle Application Server CVE-2007-5518 Vulnerability (CVE-2007-5518)
WordPress Plugin Subscribe2 Cross-Site Scripting (10.15)
WordPress Plugin FV Flowplayer Video Player Cross-Site Request Forgery (7.5.30.7210)
WordPress 2.9.1 Trashed Posts Security Bypass Vulnerability (2.9 - 2.9.1)
TYPO3 Improper Input Validation Vulnerability (CVE-2015-8760)