Description
In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar).
Remediation
References
Related Vulnerabilities
WordPress Plugin Like Button Rating-LikeBtn Server-Side Request Forgery (2.6.31)
WordPress Plugin Visual CSS Style Editor Security Bypass (7.1.9)
Dolibarr Improper Privilege Management Vulnerability (CVE-2022-43138)
Ruby Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-1005)
Oracle Database Server CVE-2008-0349 Vulnerability (CVE-2008-0349)