Description
An issue was discovered in the ProofreadPage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. XSS can occur via formatNumNoSeparators.
Remediation
References
Related Vulnerabilities
WordPress Plugin Shop Page WP Cross-Site Scripting (1.2.7)
WordPress Plugin Simple:Press 'sf-header-forum.php' SQL Injection (4.3.0)
Liferay Portal CVE-2020-13444 Vulnerability (CVE-2020-13444)
Liferay DXP URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-62253)
WordPress Plugin Velvet Blues Update URLs Unspecified Vulnerability (2.1)