Description
Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator.
Remediation
References
Related Vulnerabilities
Moodle Other Vulnerability (CVE-2004-1425)
WordPress Plugin Software License Manager Cross-Site Scripting (4.4.7)
Envoy Proxy Improper Handling of Exceptional Conditions Vulnerability (CVE-2024-23325)
WordPress Plugin Contact Form Email Cross-Site Scripting (1.1.87)
Oracle Database Server CVE-2019-2753 Vulnerability (CVE-2019-2753)