Description
An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions, e.g., in SpecialCheckUserLog.
Remediation
References
Related Vulnerabilities
MySQL CVE-2015-4807 Vulnerability (CVE-2015-4807)
OpenSSL Out-of-bounds Write Vulnerability (CVE-2016-2182)
WordPress Plugin Groundhogg-Marketing Automation & CRM for WordPress Remote Code Execution (1.3.4)
WordPress 4.6.x Cross-Domain Flash Injection Vulnerability (4.6 - 4.6.9)
Dolibarr Incorrect Authorization Vulnerability (CVE-2022-0731)