Description
An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message.
Remediation
References