Description
An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php.