Description
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) <math> tags or (2) Extension or <nowiki> sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet Explorer clients.
Remediation
References
Related Vulnerabilities
WordPress Plugin Post Title Counter Cross-Site Scripting (1.1)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1570)
Joomla! Core 3.x.x Cross-Site Scripting (3.0.0 - 3.9.15)
Atlassian Confluence Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-6342)