Description
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the "get edits" type is vulnerable to HTML injection through the User-Agent HTTP request header.
Remediation
References
Related Vulnerabilities
PostgreSQL Numeric Errors Vulnerability (CVE-2014-2669)
WordPress Plugin Awesome Support-WordPress HelpDesk & Support Cross-Site Scripting (5.8.0)
Internet Information Services Other Vulnerability (CVE-2007-2897)
PHP Resource Management Errors Vulnerability (CVE-2014-3538)
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-10086)