Description
An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog.
Remediation
References
Related Vulnerabilities
FrontAccounting Multiple SQL Injection Vulnerabilities (CVE-2014-3973)
SharePoint Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-1202)
WordPress Plugin CM Pop-Up banners for WordPress Cross-Site Scripting (1.4.10)
PostgreSQL Out-of-bounds Read Vulnerability (CVE-2019-10209)