Description
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format.
Remediation
References
Related Vulnerabilities
ownCloud Improper Restriction of XML External Entity Reference Vulnerability (CVE-2014-2052)
WordPress Plugin Carousel slideshow 'upload.php' Arbitrary File Upload (3.9)
WordPress Plugin WordPress+Microsoft Office 365/Azure AD-LOGIN Unspecified Vulnerability (11.6)
WordPress Plugin Exquisite PayPal Donation Cross-Site Scripting (2.0.0)