Description
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature.
Remediation
References
Related Vulnerabilities
WordPress Plugin Sync to Etsy Marketplace from WooCommerce Cross-Site Request Forgery (3.3.1)
Zenphoto Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-0993)
WordPress Plugin G-Lock Double Opt-in Manager 'ajaxbackend.php' SQL Injection (2.6.2)
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5652)