Description
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5) SpecialMaintenance, and (6) ImagePage.
Remediation
References
Related Vulnerabilities
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2020-11057)
WordPress Plugin Instagram Feed Unspecified Vulnerability (1.10.2)
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-34944)
WordPress Plugin Simple Ads Manager Multiple Vulnerabilities (2.6.96)