Description
An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php.