Description
An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Usernames of hidden users are exposed.
Remediation
References
Related Vulnerabilities
WordPress Plugin Blogstand Banner Cross-Site Scripting (1.0)
WordPress Plugin LiveChat-WP live chat Cross-Site Scripting (3.7.3)
WebLogic CVE-2020-14825 Vulnerability (CVE-2020-14825)
Drupal Core 8.6.x Remote Code Execution (8.6.0 - 8.6.9)
PrestaShop Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-4545)