Description
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5) SpecialMaintenance, and (6) ImagePage.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Calls to Action Multiple Cross-Site Scripting Vulnerabilities (2.5.0)
ownCloud Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-0204)
Oracle JRE CVE-2018-2637 Vulnerability (CVE-2018-2637)
WordPress Plugin One Click SSL Cross-Site Request Forgery (1.4.6)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-3388)