Description
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) <math> tags or (2) Extension or <nowiki> sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet Explorer clients.
Remediation
References
Related Vulnerabilities
Zope Web Application Server Resource Management Errors Vulnerability (CVE-2008-5102)
MediaWiki Improper Input Validation Vulnerability (CVE-2017-8811)
WordPress Plugin Image Optimizer, Resizer and CDN-Sirv SQL Injection (1.3.1)
MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-8286)
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-0335)